Paper/CraftBukkit-Patches/0146-Better-item-validation.patch
Zach Brown 5b4bc3081a Update from upstream SpigotMC
Upstream merge (we must go deeper) SpigotMC/Spigot@1e7bc383c3
2014-08-18 10:43:17 -05:00

116 lines
4.5 KiB
Diff

From 9fb3a495d25e376af9ecfaac0843ba6e339cc7d8 Mon Sep 17 00:00:00 2001
From: Thinkofdeath <thinkofdeath@spigotmc.org>
Date: Wed, 2 Jul 2014 23:35:51 +0100
Subject: [PATCH] Better item validation
diff --git a/src/main/java/net/minecraft/server/PacketDataSerializer.java b/src/main/java/net/minecraft/server/PacketDataSerializer.java
index a5be533..e4df5b3 100644
--- a/src/main/java/net/minecraft/server/PacketDataSerializer.java
+++ b/src/main/java/net/minecraft/server/PacketDataSerializer.java
@@ -97,6 +97,10 @@ public class PacketDataSerializer extends ByteBuf {
NBTTagCompound nbttagcompound = null;
if (itemstack.getItem().usesDurability() || itemstack.getItem().s()) {
+ // Spigot start - filter
+ itemstack = itemstack.cloneItemStack();
+ CraftItemStack.setItemMeta(itemstack, CraftItemStack.getItemMeta(itemstack));
+ // Spigot end
nbttagcompound = itemstack.tag;
}
diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java
index 1cf8fce..bdc6364 100644
--- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java
+++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java
@@ -17,6 +17,10 @@ import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap.Builder;
+// Spigot start
+import static org.spigotmc.ValidateUtils.*;
+// Spigot end
+
@DelegateDeserialization(SerializableMeta.class)
class CraftMetaBook extends CraftMetaItem implements BookMeta {
static final ItemMetaKey BOOK_TITLE = new ItemMetaKey("title");
@@ -45,11 +49,11 @@ class CraftMetaBook extends CraftMetaItem implements BookMeta {
super(tag);
if (tag.hasKey(BOOK_TITLE.NBT)) {
- this.title = tag.getString(BOOK_TITLE.NBT);
+ this.title = limit( tag.getString(BOOK_TITLE.NBT), 1024 ); // Spigot
}
if (tag.hasKey(BOOK_AUTHOR.NBT)) {
- this.author = tag.getString(BOOK_AUTHOR.NBT);
+ this.author = limit( tag.getString(BOOK_AUTHOR.NBT), 1024 ); // Spigot
}
if (tag.hasKey(BOOK_PAGES.NBT)) {
@@ -57,7 +61,7 @@ class CraftMetaBook extends CraftMetaItem implements BookMeta {
String[] pageArray = new String[pages.size()];
for (int i = 0; i < pages.size(); i++) {
- String page = pages.getString(i);
+ String page = limit( pages.getString(i), 2048 ); // Spigot
pageArray[i] = page;
}
diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java
index c9738c4..ec37524 100644
--- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java
+++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java
@@ -36,6 +36,10 @@ import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
+// Spigot start
+import static org.spigotmc.ValidateUtils.*;
+// Spigot end
+
/**
* Children must include the following:
*
@@ -227,7 +231,7 @@ class CraftMetaItem implements ItemMeta, Repairable {
NBTTagCompound display = tag.getCompound(DISPLAY.NBT);
if (display.hasKey(NAME.NBT)) {
- displayName = display.getString(NAME.NBT);
+ displayName = limit( display.getString(NAME.NBT), 1024 ); // Spigot
}
if (display.hasKey(LORE.NBT)) {
@@ -235,7 +239,7 @@ class CraftMetaItem implements ItemMeta, Repairable {
lore = new ArrayList<String>(list.size());
for (int index = 0; index < list.size(); index++) {
- String line = list.getString(index);
+ String line = limit( list.getString(index), 1024 ); // Spigot
lore.add(line);
}
}
diff --git a/src/main/java/org/spigotmc/ValidateUtils.java b/src/main/java/org/spigotmc/ValidateUtils.java
new file mode 100644
index 0000000..58a9534
--- /dev/null
+++ b/src/main/java/org/spigotmc/ValidateUtils.java
@@ -0,0 +1,14 @@
+package org.spigotmc;
+
+public class ValidateUtils
+{
+
+ public static String limit(String str, int limit)
+ {
+ if ( str.length() > limit )
+ {
+ return str.substring( 0, limit );
+ }
+ return str;
+ }
+}
--
1.9.1