Fix overly strong name validation in player heads

Closes #10477
This commit is contained in:
Nassim Jahnke 2024-04-28 18:25:20 +02:00
parent 4491ac05d1
commit aed7dcab98
No known key found for this signature in database
GPG key ID: EF6771C01F6EF02F
3 changed files with 27 additions and 20 deletions

View file

@ -5,7 +5,7 @@ Subject: [PATCH] Validate usernames
diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
index b968026728b8b4e549eed9fa9b43919c6c19eb7a..c44a15fc358c28345302b1bf37fc4b111a77fe0e 100644
index b968026728b8b4e549eed9fa9b43919c6c19eb7a..9bcded0466f3b10fafd709edc44c60f85cb48b7f 100644
--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
@@ -83,6 +83,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@ -16,12 +16,18 @@ index b968026728b8b4e549eed9fa9b43919c6c19eb7a..c44a15fc358c28345302b1bf37fc4b11
public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection, boolean transferred) {
this.state = ServerLoginPacketListenerImpl.State.HELLO;
@@ -164,7 +165,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@@ -164,7 +165,13 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@Override
public void handleHello(ServerboundHelloPacket packet) {
Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]);
- Validate.validState(StringUtil.isValidPlayerName(packet.name()), "Invalid characters in username", new Object[0]);
+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation && !this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation) Validate.validState(StringUtil.isValidPlayerName(packet.name()), "Invalid characters in username", new Object[0]); // Paper - config username validation
+ // Paper start - Validate usernames
+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode()
+ && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation
+ && !this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation) {
+ Validate.validState(StringUtil.isReasonablePlayerName(packet.name()), "Invalid characters in username", new Object[0]);
+ }
+ // Paper end - Validate usernames
this.requestedUsername = packet.name();
GameProfile gameprofile = this.server.getSingleplayerProfile();
@ -39,22 +45,21 @@ index d7bbdcc97745246718c92c9aba56d9f926897975..7406784899ba5f3575adf1ffe5e5d85a
}
}
diff --git a/src/main/java/net/minecraft/util/StringUtil.java b/src/main/java/net/minecraft/util/StringUtil.java
index d3fc549a08993376c76c4ebebb788fea3f4ddf69..ae7ef47446c15b8a6878dd2d31b60cd0670eaf83 100644
index d3fc549a08993376c76c4ebebb788fea3f4ddf69..0bd191acb9596d3aa21c337230d26f09d26f6888 100644
--- a/src/main/java/net/minecraft/util/StringUtil.java
+++ b/src/main/java/net/minecraft/util/StringUtil.java
@@ -64,7 +64,23 @@ public class StringUtil {
@@ -67,6 +67,25 @@ public class StringUtil {
return name.length() <= 16 && name.chars().filter(c -> c <= 32 || c >= 127).findAny().isEmpty();
}
public static boolean isValidPlayerName(String name) {
- return name.length() <= 16 && name.chars().filter(c -> c <= 32 || c >= 127).findAny().isEmpty();
+ // Paper start - username validation overriding
+ if (name == null || name.isEmpty() || name.length() > 16) {
+ // Paper start - Username validation
+ public static boolean isReasonablePlayerName(final String name) {
+ if (name.isEmpty() || name.length() > 16) {
+ return false;
+ }
+
+ for (int i = 0, len = name.length(); i < len; ++i) {
+ char c = name.charAt(i);
+
+ final char c = name.charAt(i);
+ if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) {
+ continue;
+ }
@ -63,7 +68,9 @@ index d3fc549a08993376c76c4ebebb788fea3f4ddf69..ae7ef47446c15b8a6878dd2d31b60cd0
+ }
+
+ return true;
+ // Paper end - username validation overriding
}
+ }
+ // Paper end - Username validation
+
public static String filterText(String string) {
return filterText(string, false);
}

View file

@ -134,7 +134,7 @@ index 784788d8d3d1a07efbd406b6c463e046699081e2..fdff82ed5dbf5176d470b9b6c41acfe6
DedicatedServer.LOGGER.warn("While this makes the game possible to play without internet access, it also opens up the ability for hackers to connect with any username they choose.");
}
diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
index c44a15fc358c28345302b1bf37fc4b111a77fe0e..3333cb70744dc7ef8b181d332b63766aaaaad11f 100644
index 9bcded0466f3b10fafd709edc44c60f85cb48b7f..cb006ae0e5be2f1d31261bdd36964229ec44416d 100644
--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
@@ -84,6 +84,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@ -145,7 +145,7 @@ index c44a15fc358c28345302b1bf37fc4b111a77fe0e..3333cb70744dc7ef8b181d332b63766a
public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection, boolean transferred) {
this.state = ServerLoginPacketListenerImpl.State.HELLO;
@@ -176,6 +177,16 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@@ -182,6 +183,16 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
this.state = ServerLoginPacketListenerImpl.State.KEY;
this.connection.send(new ClientboundHelloPacket("", this.server.getKeyPair().getPublic().getEncoded(), this.challenge, true));
} else {
@ -162,7 +162,7 @@ index c44a15fc358c28345302b1bf37fc4b111a77fe0e..3333cb70744dc7ef8b181d332b63766a
// CraftBukkit start
// Paper start - Cache authenticator threads
authenticatorPool.execute(new Runnable() {
@@ -328,6 +339,12 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@@ -334,6 +345,12 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
// CraftBukkit start
private GameProfile callPlayerPreLoginEvents(GameProfile gameprofile) throws Exception { // Paper - Add more fields to AsyncPlayerPreLoginEvent
@ -175,7 +175,7 @@ index c44a15fc358c28345302b1bf37fc4b111a77fe0e..3333cb70744dc7ef8b181d332b63766a
String playerName = gameprofile.getName();
java.net.InetAddress address = ((java.net.InetSocketAddress) this.connection.getRemoteAddress()).getAddress();
java.util.UUID uniqueId = gameprofile.getId();
@@ -373,6 +390,51 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@@ -379,6 +396,51 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@Override
public void handleCustomQueryPacket(ServerboundCustomQueryAnswerPacket packet) {

View file

@ -352,10 +352,10 @@ index a08d9aa6e420f691795df9b627a9cd5b5c0112c5..52f537b7bfbdeaad9d17c0e88a1ed1c8
protected void initChannel(Channel channel) {
try {
diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
index 3333cb70744dc7ef8b181d332b63766aaaaad11f..765cf12c1558afd9686793b18388fc229c55d2d8 100644
index cb006ae0e5be2f1d31261bdd36964229ec44416d..b656741eb68adeb04bf995f1045902cb6bd5f2e7 100644
--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
@@ -274,12 +274,14 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@@ -280,12 +280,14 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
}
SecretKey secretkey = packet.getSecretKey(privatekey);