Paper/patches/server/0395-Validate-PickItem-Packet-and-kick-for-invalid.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid


diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
index fe722106e20e199eb914a09f8dbc1409e27f1d69..77cc62cc942687a40371741904525301a4ed5240 100644
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
@@ -967,7 +967,14 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
     @Override
     public void handlePickItem(ServerboundPickItemPacket packet) {
         PacketUtils.ensureRunningOnSameThread(packet, this, this.player.getLevel());
-        this.player.getInventory().pickSlot(packet.getSlot());
+        // Paper start - validate pick item position
+        if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
+            ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
+            this.disconnect("Invalid hotbar selection (Hacking?)");
+            return;
+        }
+        this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
+        // Paper end
         this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
         this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
         this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));