Upstream/Paper
1
0
Fork 0
mirror of https://github.com/PaperMC/Paper.git synced 2024-11-25 12:05:53 +01:00
Code Issues Projects Releases Wiki Activity
dc684c60d1
Paper/patches/server/0352-Validate-PickItem-Packet-and-kick-for-invalid.patch
Nassim Jahnke dc684c60d1
Remove bad server.scheduleOnMain disconnect calls from old patches 
The new behavior of disconnect to block the current thread until the disconnect succeeded is better than throwing it off to happen at some point
2024-06-16 12:56:00 +02:00

27 lines
1.9 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Aikar <aikar@aikar.co>
Date: Sat, 2 May 2020 03:09:46 -0400
Subject: [PATCH] Validate PickItem Packet and kick for invalid
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
index 5db66f34c8010331765f2a75af6f8f19c6855e51..451f443a11e93b1d4a00490fd3459156289ff614 100644
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
@@ -895,7 +895,14 @@ public class ServerGamePacketListenerImpl extends ServerCommonPacketListenerImpl
@Override
public void handlePickItem(ServerboundPickItemPacket packet) {
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
- this.player.getInventory().pickSlot(packet.getSlot());
+ // Paper start - validate pick item position
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
+ this.disconnect(Component.literal("Invalid hotbar selection (Hacking?)"));
+ return;
+ }
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
+ // Paper end - validate pick item position
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));
Reference in New Issue View Git Blame Copy Permalink