Update upstream CB

This commit is contained in:
Zach Brown 2016-07-22 17:24:30 -05:00
parent 4b8526fd6d
commit 359f9ad8cf
2 changed files with 1 additions and 43 deletions

View file

@ -1,42 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Zach Brown <1254957+zachbr@users.noreply.github.com>
Date: Mon, 18 Jul 2016 17:57:36 -0500
Subject: [PATCH] Less strict skull validation
Spigot's solution removes all unsigned skins from Skulls. While this does work to achieve its original goal, it is often
overzealous and removes many plugin created and other skulls. We can be more specific in our checks to avoid this.
This does technically reveal how the exploit works, however given that it already appears to be well-known throughout
malicious communities, and the current solution breaks legitimate skulls, we don't feel particularly bad about it this
time.
diff --git a/src/main/java/net/minecraft/server/ItemSkull.java b/src/main/java/net/minecraft/server/ItemSkull.java
index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644
--- a/src/main/java/net/minecraft/server/ItemSkull.java
+++ b/src/main/java/net/minecraft/server/ItemSkull.java
@@ -0,0 +0,0 @@ public class ItemSkull extends Item {
boolean valid = true;
NBTTagList textures = nbttagcompound.getCompound("SkullOwner").getCompound("Properties").getList("textures", 10); // Safe due to method contracts
+ // Paper start - Less strict validation
+ for (NBTBase texture : textures.list) {
+ if (texture instanceof NBTTagCompound && !((NBTTagCompound) texture).hasKeyOfType("Signature", 8)) {
+ if (((NBTTagCompound) texture).getString("Value").trim().length() > 0) {
+ continue;
+ }
+
+ valid = false;
+ }
+ }
+ /*
for (int i = 0; i < textures.size(); i++) {
if (textures.get(i) instanceof NBTTagCompound && !((NBTTagCompound) textures.get(i)).hasKeyOfType("Signature", 8)) {
valid = false;
}
}
+ */
+ // Paper end
if (!valid) {
nbttagcompound.remove("SkullOwner");
--

@ -1 +1 @@
Subproject commit 7f9fbe54baf0e73dc6a9a1ff58d67f82881507a4
Subproject commit f5d891f609a5b93afbc778aadcd107363477d791