PaperMC/patches/server/0923-Validate-ResourceLocation-in-NBT-reading.patch

156 lines
11 KiB
Diff
Raw Normal View History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nassim Jahnke <nassim@njahnke.dev>
Date: Thu, 4 Jan 2024 13:49:14 +0100
Subject: [PATCH] Validate ResourceLocation in NBT reading
diff --git a/src/main/java/net/minecraft/nbt/NbtUtils.java b/src/main/java/net/minecraft/nbt/NbtUtils.java
2024-06-14 10:56:28 +02:00
index 4929bac8e476664086470f078efce6c0a6164413..f88dd37783b3c155c23b547c360b8d3c16e030c0 100644
--- a/src/main/java/net/minecraft/nbt/NbtUtils.java
+++ b/src/main/java/net/minecraft/nbt/NbtUtils.java
2024-04-25 01:25:57 +02:00
@@ -149,8 +149,10 @@ public final class NbtUtils {
if (!nbt.contains("Name", 8)) {
return Blocks.AIR.defaultBlockState();
} else {
2024-06-14 10:56:28 +02:00
- ResourceLocation resourceLocation = ResourceLocation.parse(nbt.getString("Name"));
- Optional<? extends Holder<Block>> optional = blockLookup.get(ResourceKey.create(Registries.BLOCK, resourceLocation));
+ // Paper start - Validate resource location
+ ResourceLocation resourceLocation = ResourceLocation.tryParse(nbt.getString("Name"));
+ Optional<? extends Holder<Block>> optional = resourceLocation != null ? blockLookup.get(ResourceKey.create(Registries.BLOCK, resourceLocation)) : Optional.empty();
+ // Paper end - Validate resource location
if (optional.isEmpty()) {
return Blocks.AIR.defaultBlockState();
} else {
diff --git a/src/main/java/net/minecraft/resources/ResourceLocation.java b/src/main/java/net/minecraft/resources/ResourceLocation.java
2024-06-14 10:56:28 +02:00
index 87afe84791af2d5e9f869cd4c09eed4bb5fee75b..1967c43ee3a12e63365cc40ee6565307e2fd73cf 100644
--- a/src/main/java/net/minecraft/resources/ResourceLocation.java
+++ b/src/main/java/net/minecraft/resources/ResourceLocation.java
2024-06-14 10:56:28 +02:00
@@ -41,6 +41,13 @@ public final class ResourceLocation implements Comparable<ResourceLocation> {
assert isValidPath(path);
+ // Paper start - Validate ResourceLocation
+ // Check for the max network string length (capped at Short.MAX_VALUE) as well as the max bytes of a StringTag (length written as an unsigned short)
+ final String resourceLocation = namespace + ":" + path;
+ if (resourceLocation.length() > Short.MAX_VALUE || io.netty.buffer.ByteBufUtil.utf8MaxBytes(resourceLocation) > 2 * Short.MAX_VALUE + 1) {
+ throw new ResourceLocationException("Resource location too long: " + resourceLocation);
+ }
+ // Paper end - Validate ResourceLocation
this.namespace = namespace;
this.path = path;
}
diff --git a/src/main/java/net/minecraft/world/RandomizableContainer.java b/src/main/java/net/minecraft/world/RandomizableContainer.java
2024-06-14 10:56:28 +02:00
index 597cd5dbb4bb415a9b4d874c1c5dd621be1d6fc8..a9a80f8bc4a6f250fe3c20482c395058f024fabd 100644
--- a/src/main/java/net/minecraft/world/RandomizableContainer.java
+++ b/src/main/java/net/minecraft/world/RandomizableContainer.java
@@ -50,7 +50,7 @@ public interface RandomizableContainer extends Container {
default boolean tryLoadLootTable(CompoundTag nbt) {
if (nbt.contains("LootTable", 8)) {
2024-06-14 10:56:28 +02:00
- this.setLootTable(ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("LootTable"))));
2024-05-29 20:17:56 +02:00
+ this.setLootTable(net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("LootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl))); // Paper - Validate ResourceLocation
if (this.lootableData() != null && this.getLootTable() != null) this.lootableData().loadNbt(nbt); // Paper - LootTable API
if (nbt.contains("LootTableSeed", 4)) {
this.setLootTableSeed(nbt.getLong("LootTableSeed"));
diff --git a/src/main/java/net/minecraft/world/entity/EntityType.java b/src/main/java/net/minecraft/world/entity/EntityType.java
2024-06-14 10:56:28 +02:00
index b98f9246b60daf31460f41ce214dfa7c011f5684..842b0cec0397d7ae5166617627340ffac0e35db1 100644
--- a/src/main/java/net/minecraft/world/entity/EntityType.java
+++ b/src/main/java/net/minecraft/world/entity/EntityType.java
2024-04-25 01:25:57 +02:00
@@ -623,7 +623,7 @@ public class EntityType<T extends Entity> implements FeatureElement, EntityTypeT
}
public static Optional<EntityType<?>> by(CompoundTag nbt) {
2024-06-14 10:56:28 +02:00
- return BuiltInRegistries.ENTITY_TYPE.getOptional(ResourceLocation.parse(nbt.getString("id")));
+ return BuiltInRegistries.ENTITY_TYPE.getOptional(ResourceLocation.tryParse(nbt.getString("id"))); // Paper - Validate ResourceLocation
}
@Nullable
2024-02-01 10:53:15 +01:00
diff --git a/src/main/java/net/minecraft/world/entity/LivingEntity.java b/src/main/java/net/minecraft/world/entity/LivingEntity.java
Updated Upstream (Bukkit/CraftBukkit/Spigot) (#11024) * Updated Upstream (Bukkit/CraftBukkit/Spigot) Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: e86f4dc4 PR-1041: Improve getPlayer(String) docs to clarify it matches the name 9738f005 Fix spawner API documentation 69ebd9fd PR-1034: Add TrialSpawnerSpawnEvent 23cffd9c PR-973: Improve spawner API and add API for Trial Spawners 8bf19163 PR-1038: Clarify HumanEntity#openInventory(InventoryView) JavaDoc 1ff76351 SPIGOT-7732, SPIGOT-7786: Add freezing damage modifier 02161cb4 PR-1034: Add CreatureSpawnEvent.SpawnReason#TRIAL_SPAWNER f9cb6f34 SPIGOT-7777: All entity potion effects are removed on death 25d548eb PR-1031: Expose Creeper igniter ccbf0915 SPIGOT-7770: Reserve spaces in shaped recipes for blank ingredients 17f7097c Clarify ambiguity around what is API 71714f0c Remove note from InventoryView JavaDoc aaf49731 PR-1030: Deprecate more unused methods in UnsafeValues 3a9dc689 SPIGOT-7771: Material.getDefaultAttributes always returns an empty map CraftBukkit Changes: c3ceeb6f7 SPIGOT-7814: Call PlayerShearEntityEvent for Bogged 97b1e4f58 Fix wolf armor not dropping from use of shears fd2ef563a SPIGOT-7812: Revert "SPIGOT-7809: Restore shield/banner conversion for base colours" f672c351b SPIGOT-7811: Enchantments are applied on sweeping attack even if damage event is cancelled cfe29350b SPIGOT-7808: Fix implementation of Enchantment#getName() for bad name return 19335f69e SPIGOT-7809: Restore shield/banner conversion for base colours ae4f5a0be SPIGOT-7805: Fix jukebox deserialization 62e3b73a4 SPIGOT-7804: Fix written book serialization aac911d26 SPIGOT-7800, SPIGOT-7801: Keep vanilla behaviour for items dropped on player death 13ece474f PR-1429: Implement TrialSpawnerSpawnEvent bf13e9113 PR-1354: Improve spawner API and add API for Trial Spawners 515fe49e1 Increase outdated build delay 9cd5a19a0 SPIGOT-7794: Cancelling InventoryItemMoveEvent destroys items ce40c7b14 SPIGOT-7796: Kickplayer newlines not working 5167256ff SPIGOT-7795: Fix damage/stats ignore the invulnerable damage time f993563ee Improve cross-world teleportation handling ab29122cf PR-1433: HumanEntity#openInventory(InventoryView) should only support views belonging to the player 764a541c5 SPIGOT-7732: Issue with the "hurt()" method of EntityLiving and invulnerable time 820084b5f SPIGOT-7791: Skull BlockState with null profile causes NullPointerException 5e46f1c82 SPIGOT-7785: Teleporting a player at the right moment can mess up vanilla teleportation cbd95a6b3 SPIGOT-7772: Include hidden / non-sampled players in player count 3153debc5 SPIGOT-7790: Server crashes after bee nest is forced to update e77bb26bb SPIGOT-7788: The healing power of friendship advancement is never granted ee3d7258a SPIGOT-7789: Fix NPE in CraftMetaFirework applyToItem 2889b3a11 PR-1429: Add CreatureSpawnEvent.SpawnReason#TRIAL_SPAWNER cdd05bc7f SPIGOT-7777: Speed attribute stays after death; missing EntityPotionEffectEvent call d0e6af2d4 PR-1428: Expose Creeper igniter d01c70e93 PR-1425: Fix bytecode transformation taking care of class-to-interface compatibility. b2b08f68c SPIGOT-7770: Fix certain shaped recipes not registering 3f8e4161f PR-1426: Deprecate more unused methods in UnsafeValues 2c9dd879e SPIGOT-7771: Material.getDefaultAttributes always returns an empty map Spigot Changes: 491f3675 Rebuild patches 0a642bd7 Rebuild patches 8897571b Rebuild patches cb8cf80c Fix newlines in custom restart message 1aabe506 Rebuild patches
2024-07-06 21:19:14 +02:00
index ff16c7196b146388c526e3100e561be771ca8a91..cbf076c5fa69d32ad3c8ea759cd9d405b60f8663 100644
2024-02-01 10:53:15 +01:00
--- a/src/main/java/net/minecraft/world/entity/LivingEntity.java
+++ b/src/main/java/net/minecraft/world/entity/LivingEntity.java
Updated Upstream (Bukkit/CraftBukkit/Spigot) (#11024) * Updated Upstream (Bukkit/CraftBukkit/Spigot) Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: e86f4dc4 PR-1041: Improve getPlayer(String) docs to clarify it matches the name 9738f005 Fix spawner API documentation 69ebd9fd PR-1034: Add TrialSpawnerSpawnEvent 23cffd9c PR-973: Improve spawner API and add API for Trial Spawners 8bf19163 PR-1038: Clarify HumanEntity#openInventory(InventoryView) JavaDoc 1ff76351 SPIGOT-7732, SPIGOT-7786: Add freezing damage modifier 02161cb4 PR-1034: Add CreatureSpawnEvent.SpawnReason#TRIAL_SPAWNER f9cb6f34 SPIGOT-7777: All entity potion effects are removed on death 25d548eb PR-1031: Expose Creeper igniter ccbf0915 SPIGOT-7770: Reserve spaces in shaped recipes for blank ingredients 17f7097c Clarify ambiguity around what is API 71714f0c Remove note from InventoryView JavaDoc aaf49731 PR-1030: Deprecate more unused methods in UnsafeValues 3a9dc689 SPIGOT-7771: Material.getDefaultAttributes always returns an empty map CraftBukkit Changes: c3ceeb6f7 SPIGOT-7814: Call PlayerShearEntityEvent for Bogged 97b1e4f58 Fix wolf armor not dropping from use of shears fd2ef563a SPIGOT-7812: Revert "SPIGOT-7809: Restore shield/banner conversion for base colours" f672c351b SPIGOT-7811: Enchantments are applied on sweeping attack even if damage event is cancelled cfe29350b SPIGOT-7808: Fix implementation of Enchantment#getName() for bad name return 19335f69e SPIGOT-7809: Restore shield/banner conversion for base colours ae4f5a0be SPIGOT-7805: Fix jukebox deserialization 62e3b73a4 SPIGOT-7804: Fix written book serialization aac911d26 SPIGOT-7800, SPIGOT-7801: Keep vanilla behaviour for items dropped on player death 13ece474f PR-1429: Implement TrialSpawnerSpawnEvent bf13e9113 PR-1354: Improve spawner API and add API for Trial Spawners 515fe49e1 Increase outdated build delay 9cd5a19a0 SPIGOT-7794: Cancelling InventoryItemMoveEvent destroys items ce40c7b14 SPIGOT-7796: Kickplayer newlines not working 5167256ff SPIGOT-7795: Fix damage/stats ignore the invulnerable damage time f993563ee Improve cross-world teleportation handling ab29122cf PR-1433: HumanEntity#openInventory(InventoryView) should only support views belonging to the player 764a541c5 SPIGOT-7732: Issue with the "hurt()" method of EntityLiving and invulnerable time 820084b5f SPIGOT-7791: Skull BlockState with null profile causes NullPointerException 5e46f1c82 SPIGOT-7785: Teleporting a player at the right moment can mess up vanilla teleportation cbd95a6b3 SPIGOT-7772: Include hidden / non-sampled players in player count 3153debc5 SPIGOT-7790: Server crashes after bee nest is forced to update e77bb26bb SPIGOT-7788: The healing power of friendship advancement is never granted ee3d7258a SPIGOT-7789: Fix NPE in CraftMetaFirework applyToItem 2889b3a11 PR-1429: Add CreatureSpawnEvent.SpawnReason#TRIAL_SPAWNER cdd05bc7f SPIGOT-7777: Speed attribute stays after death; missing EntityPotionEffectEvent call d0e6af2d4 PR-1428: Expose Creeper igniter d01c70e93 PR-1425: Fix bytecode transformation taking care of class-to-interface compatibility. b2b08f68c SPIGOT-7770: Fix certain shaped recipes not registering 3f8e4161f PR-1426: Deprecate more unused methods in UnsafeValues 2c9dd879e SPIGOT-7771: Material.getDefaultAttributes always returns an empty map Spigot Changes: 491f3675 Rebuild patches 0a642bd7 Rebuild patches 8897571b Rebuild patches cb8cf80c Fix newlines in custom restart message 1aabe506 Rebuild patches
2024-07-06 21:19:14 +02:00
@@ -887,11 +887,13 @@ public abstract class LivingEntity extends Entity implements Attackable {
2024-02-01 10:53:15 +01:00
if (nbt.contains("SleepingX", 99) && nbt.contains("SleepingY", 99) && nbt.contains("SleepingZ", 99)) {
BlockPos blockposition = new BlockPos(nbt.getInt("SleepingX"), nbt.getInt("SleepingY"), nbt.getInt("SleepingZ"));
2024-06-14 10:56:28 +02:00
2024-02-01 10:53:15 +01:00
+ if (this.position().distanceToSqr(blockposition.getX(), blockposition.getY(), blockposition.getZ()) < 16 * 16) { // Paper - The sleeping pos will always also set the actual pos, so a desync suggests something is wrong
this.setSleepingPos(blockposition);
this.entityData.set(LivingEntity.DATA_POSE, Pose.SLEEPING);
if (!this.firstTick) {
this.setPosToBed(blockposition);
}
+ } // Paper - The sleeping pos will always also set the actual pos, so a desync suggests something is wrong
}
if (nbt.contains("Brain", 10)) {
diff --git a/src/main/java/net/minecraft/world/entity/Mob.java b/src/main/java/net/minecraft/world/entity/Mob.java
2024-07-18 16:50:16 +02:00
index 1a2efd8b77d65606994f13980ddbe018f90d0c35..8b6eed30f84dc98878deaa805e7446ae4b168400 100644
--- a/src/main/java/net/minecraft/world/entity/Mob.java
+++ b/src/main/java/net/minecraft/world/entity/Mob.java
2024-07-18 16:50:16 +02:00
@@ -603,7 +603,7 @@ public abstract class Mob extends LivingEntity implements EquipmentUser, Leashab
2024-06-14 10:56:28 +02:00
this.leashData = this.readLeashData(nbt);
this.setLeftHanded(nbt.getBoolean("LeftHanded"));
if (nbt.contains("DeathLootTable", 8)) {
2024-06-14 10:56:28 +02:00
- this.lootTable = ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("DeathLootTable")));
2024-04-25 01:25:57 +02:00
+ this.lootTable = net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("DeathLootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl)); // Paper - Validate ResourceLocation
this.lootTableSeed = nbt.getLong("DeathLootTableSeed");
}
diff --git a/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java b/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java
index 10d30304c8c89b1f2a55be8529035311d1424e44..ddf47dab1ab92c45e3eea09239d418a9798ed59e 100644
--- a/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java
+++ b/src/main/java/net/minecraft/world/entity/projectile/AbstractArrow.java
@@ -649,7 +649,7 @@ public abstract class AbstractArrow extends Projectile {
this.setCritArrow(nbt.getBoolean("crit"));
this.setPierceLevel(nbt.getByte("PierceLevel"));
if (nbt.contains("SoundEvent", 8)) {
2024-06-14 10:56:28 +02:00
- this.soundEvent = (SoundEvent) BuiltInRegistries.SOUND_EVENT.getOptional(ResourceLocation.parse(nbt.getString("SoundEvent"))).orElse(this.getDefaultHitGroundSoundEvent());
+ this.soundEvent = (SoundEvent) BuiltInRegistries.SOUND_EVENT.getOptional(ResourceLocation.tryParse(nbt.getString("SoundEvent"))).orElse(this.getDefaultHitGroundSoundEvent()); // Paper - Validate resource location
}
2024-06-14 10:56:28 +02:00
if (nbt.contains("item", 10)) {
diff --git a/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java b/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java
2024-06-14 10:56:28 +02:00
index ccc7367ab2740bea0f2b907223a0920b11665092..845eff7401b811c179dc9dee70eca0d724be5c80 100644
--- a/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java
+++ b/src/main/java/net/minecraft/world/entity/vehicle/ContainerEntity.java
@@ -73,7 +73,7 @@ public interface ContainerEntity extends Container, MenuProvider {
2024-04-25 01:25:57 +02:00
default void readChestVehicleSaveData(CompoundTag nbt, HolderLookup.Provider registriesLookup) {
this.clearItemStacks();
if (nbt.contains("LootTable", 8)) {
2024-06-14 10:56:28 +02:00
- this.setLootTable(ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("LootTable"))));
2024-04-25 01:25:57 +02:00
+ this.setLootTable(net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("LootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl))); // Paper - Validate ResourceLocation
// Paper start - LootTable API
if (this.getLootTable() != null) {
this.lootableData().loadNbt(nbt);
diff --git a/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java b/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java
2024-06-14 14:28:06 +02:00
index 65ab9b22f724877b68f4f25aad2831e2cb080b19..730aca233f6e7564d4cb85b5b628d23c4f01d2f4 100644
--- a/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java
+++ b/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java
2024-04-25 01:25:57 +02:00
@@ -295,7 +295,12 @@ public abstract class AbstractFurnaceBlockEntity extends BaseContainerBlockEntit
while (iterator.hasNext()) {
String s = (String) iterator.next();
2024-06-14 10:56:28 +02:00
- this.recipesUsed.put(ResourceLocation.parse(s), nbttagcompound1.getInt(s));
+ // Paper start - Validate ResourceLocation
+ final ResourceLocation resourceLocation = ResourceLocation.tryParse(s);
+ if (resourceLocation != null) {
+ this.recipesUsed.put(resourceLocation, nbttagcompound1.getInt(s));
+ }
+ // Paper end - Validate ResourceLocation
}
// Paper start - cook speed multiplier API
diff --git a/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java b/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java
2024-06-14 10:56:28 +02:00
index 32de29c385c784ab87e29b2e072f3992386cd775..dc02a3d84b397f634f77f4df9c06e245cc4dcb75 100644
--- a/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java
+++ b/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java
2024-04-25 01:25:57 +02:00
@@ -202,7 +202,7 @@ public class BrushableBlockEntity extends BlockEntity {
private boolean tryLoadLootTable(CompoundTag nbt) {
if (nbt.contains("LootTable", 8)) {
2024-06-14 10:56:28 +02:00
- this.lootTable = ResourceKey.create(Registries.LOOT_TABLE, ResourceLocation.parse(nbt.getString("LootTable")));
2024-04-25 01:25:57 +02:00
+ this.lootTable = net.minecraft.Optionull.map(ResourceLocation.tryParse(nbt.getString("LootTable")), rl -> ResourceKey.create(Registries.LOOT_TABLE, rl)); // Paper - Validate ResourceLocation
this.lootTableSeed = nbt.getLong("LootTableSeed");
return true;
} else {