From 98a42ce6d02003d4cb7ce813be85ca376a8b6b7f Mon Sep 17 00:00:00 2001 From: Aikar Date: Thu, 28 Feb 2019 00:05:33 -0500 Subject: [PATCH] Strip extra Sign data to/from client - Fixes #1876 modified clients can send abnormally large data from the client to the server and it would get stored on the sign as sent. the client can barely render around 16 characters as-is, but formatting codes can get it to be more than 16 actual length. Set a limit of 80 which should give an average of 16 characters 2 sets of legacy formatting codes which should be plenty for all uses. This does not strip any existing data from the NBT as plugins may use this for storing data out of the rendered area. it only impacts data sent to and from the client. Set -DPaper.maxSignLength=XX to change limit or -1 to disable --- ...Strip-extra-Sign-data-to-from-client.patch | 78 +++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 Spigot-Server-Patches/Strip-extra-Sign-data-to-from-client.patch diff --git a/Spigot-Server-Patches/Strip-extra-Sign-data-to-from-client.patch b/Spigot-Server-Patches/Strip-extra-Sign-data-to-from-client.patch new file mode 100644 index 0000000000..fa37e802f9 --- /dev/null +++ b/Spigot-Server-Patches/Strip-extra-Sign-data-to-from-client.patch @@ -0,0 +1,78 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Aikar +Date: Wed, 27 Feb 2019 22:18:40 -0500 +Subject: [PATCH] Strip extra Sign data to/from client + +modified clients can send abnormally large data from the client +to the server and it would get stored on the sign as sent. + +the client can barely render around 16 characters as-is, but formatting +codes can get it to be more than 16 actual length. + +Set a limit of 80 which should give an average of 16 characters 2 +sets of legacy formatting codes which should be plenty for all uses. + +This does not strip any existing data from the NBT as plugins +may use this for storing data out of the rendered area. + +it only impacts data sent to and from the client. + +Set -DPaper.maxSignLength=XX to change limit or -1 to disable + +diff --git a/src/main/java/net/minecraft/server/PlayerConnection.java b/src/main/java/net/minecraft/server/PlayerConnection.java +index 04344a3711..9b857a8d1d 100644 +--- a/src/main/java/net/minecraft/server/PlayerConnection.java ++++ b/src/main/java/net/minecraft/server/PlayerConnection.java +@@ -0,0 +0,0 @@ public class PlayerConnection implements PacketListenerPlayIn, ITickable { + String[] lines = new String[4]; + + for (int i = 0; i < astring.length; ++i) { ++ // Paper start - cap line length - modified clients can send longer data than normal ++ if (astring[i].length() > TileEntitySign.MAX_SIGN_LINE_LENGTH && TileEntitySign.MAX_SIGN_LINE_LENGTH > 0) { ++ astring[i] = astring[i].substring(0, TileEntitySign.MAX_SIGN_LINE_LENGTH); ++ } ++ // Paper end + lines[i] = SharedConstants.a(astring[i]); //Paper - Replaced with anvil color stripping method to stop exploits that allow colored signs to be created. + } + SignChangeEvent event = new SignChangeEvent((org.bukkit.craftbukkit.block.CraftBlock) player.getWorld().getBlockAt(x, y, z), this.server.getPlayer(this.player), lines); +diff --git a/src/main/java/net/minecraft/server/TileEntitySign.java b/src/main/java/net/minecraft/server/TileEntitySign.java +index c2bcbbbab9..9dbdabeb0c 100644 +--- a/src/main/java/net/minecraft/server/TileEntitySign.java ++++ b/src/main/java/net/minecraft/server/TileEntitySign.java +@@ -0,0 +0,0 @@ public class TileEntitySign extends TileEntity implements ICommandListener { + // Paper start - Strip invalid unicode from signs on load + private static final boolean keepInvalidUnicode = Boolean.getBoolean("Paper.keepInvalidUnicode"); // Allow people to keep their bad unicode if they really want it + private boolean privateUnicodeRemoved = false; ++ public static final int MAX_SIGN_LINE_LENGTH = Integer.getInteger("Paper.maxSignLength", 80); + // Paper end + + public TileEntitySign() { + super(TileEntityTypes.SIGN); + } + ++ // Paper start + public NBTTagCompound save(NBTTagCompound nbttagcompound) { ++ return save(nbttagcompound, false); ++ } ++ public NBTTagCompound save(NBTTagCompound nbttagcompound, boolean filterLines) { ++ // Paper end + super.save(nbttagcompound); + + for (int i = 0; i < 4; ++i) { + String s = IChatBaseComponent.ChatSerializer.a(this.lines[i]); + +- nbttagcompound.setString("Text" + (i + 1), s); ++ nbttagcompound.setString("Text" + (i + 1), filterLines && MAX_SIGN_LINE_LENGTH > 0 && s.length() > MAX_SIGN_LINE_LENGTH ? s.substring(0, MAX_SIGN_LINE_LENGTH): s); // Paper + } + + // CraftBukkit start +@@ -0,0 +0,0 @@ public class TileEntitySign extends TileEntity implements ICommandListener { + } + + public NBTTagCompound aa_() { +- return this.save(new NBTTagCompound()); ++ return this.save(new NBTTagCompound(), true); // Paper - filter lines + } + + public boolean isFilteredNBT() { +-- \ No newline at end of file