From 2aaf4369b61256c28c205ec1152132760b310ebd Mon Sep 17 00:00:00 2001 From: 4real <100953533+strainxx@users.noreply.github.com> Date: Tue, 17 Sep 2024 17:57:32 +0300 Subject: [PATCH] Validate slot in PlayerInventory#setSlot (#11399) --- ...date-slot-in-PlayerInventory-setSlot.patch | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch diff --git a/patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch b/patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch new file mode 100644 index 0000000000..51eb36e240 --- /dev/null +++ b/patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch @@ -0,0 +1,26 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: strnq +Date: Sat, 14 Sep 2024 12:53:13 +0300 +Subject: [PATCH] Validate slot in PlayerInventory#setSlot + +The CraftPlayerInventory implementation sends a container_set_slot +packet to the client which will error if an invalid slot is passed to +the setSlot method, making a validation necessary over simply silently +ignoring invalid slot values. + +diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java +index eafa54c870c3e2aef30c3f9f96f516607a7cae24..8dea4321e41080829b474ad7b5a12c6a622181fd 100644 +--- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java ++++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java +@@ -70,6 +70,11 @@ public class CraftInventoryPlayer extends CraftInventory implements org.bukkit.i + + @Override + public void setItem(int index, ItemStack item) { ++ // Paper start - Validate setItem index ++ if (index < 0 || index > 40) { ++ throw new ArrayIndexOutOfBoundsException("Index must be between 0 and 40"); ++ } ++ // Paper end - Validate setItem index + super.setItem(index, item); + if (this.getHolder() == null) return; + ServerPlayer player = ((CraftPlayer) this.getHolder()).getHandle();