From aed7dcab984bd42621e5ef00e29c0f89fe3ec53c Mon Sep 17 00:00:00 2001
From: Nassim Jahnke
Date: Sun, 28 Apr 2024 18:25:20 +0200
Subject: [PATCH] Fix overly strong name validation in player heads

Closes #10477
---
 patches/server/0663-Validate-usernames.patch | 35 +++++++++++--------
 ...2-Add-Velocity-IP-Forwarding-Support.patch | 8 ++---
 ...ocity-compression-and-cipher-natives.patch | 4 +--
 3 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/patches/server/0663-Validate-usernames.patch b/patches/server/0663-Validate-usernames.patch
index 51eedf4f14..d3b04f3950 100644
--- a/patches/server/0663-Validate-usernames.patch
+++ b/patches/server/0663-Validate-usernames.patch
@@ -5,7 +5,7 @@ Subject: [PATCH] Validate usernames
 
 
 diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
-index b968026728b8b4e549eed9fa9b43919c6c19eb7a..c44a15fc358c28345302b1bf37fc4b111a77fe0e 100644
+index b968026728b8b4e549eed9fa9b43919c6c19eb7a..9bcded0466f3b10fafd709edc44c60f85cb48b7f 100644
 --- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
 +++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
 @@ -83,6 +83,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@@ -16,12 +16,18 @@ index b968026728b8b4e549eed9fa9b43919c6c19eb7a..c44a15fc358c28345302b1bf37fc4b11
 
 public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection, boolean transferred) {
 this.state = ServerLoginPacketListenerImpl.State.HELLO;
-@@ -164,7 +165,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
+@@ -164,7 +165,13 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
 @Override
 public void handleHello(ServerboundHelloPacket packet) {
 Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]);
 - Validate.validState(StringUtil.isValidPlayerName(packet.name()), "Invalid characters in username", new Object[0]);
-+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation && !this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation) Validate.validState(StringUtil.isValidPlayerName(packet.name()), "Invalid characters in username", new Object[0]); // Paper - config username validation
++ // Paper start - Validate usernames
++ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode()
++ && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation
++ && !this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation) {
++ Validate.validState(StringUtil.isReasonablePlayerName(packet.name()), "Invalid characters in username", new Object[0]);
++ }
++ // Paper end - Validate usernames
 this.requestedUsername = packet.name();
 GameProfile gameprofile = this.server.getSingleplayerProfile();
 
@@ -39,22 +45,21 @@ index d7bbdcc97745246718c92c9aba56d9f926897975..7406784899ba5f3575adf1ffe5e5d85a
 }
 }
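Review bot: In `handleHello` the new `isReasonablePlayerName` check runs only when all three conditions hold, so when `isProxyOnlineMode()` is false or validation is switched off, `packet.name()` is stored in `requestedUsername` with no character check in the visible lines, not even the vanilla `StringUtil.isValidPlayerName` that this commit restores. The name is client-supplied and arrives before authentication, so if skipping every check on those paths is intended, record that next to the condition, for example `// Intentionally no validation for offline-mode or opted-out servers`. Otherwise an `else` branch calling `Validate.validState(StringUtil.isValidPlayerName(packet.name()), ...)` would still keep control characters and whitespace out. The body of `handleHello` continues outside the hunk, so any later checks are not visible here.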
 diff --git a/src/main/java/net/minecraft/util/StringUtil.java b/src/main/java/net/minecraft/util/StringUtil.java
-index d3fc549a08993376c76c4ebebb788fea3f4ddf69..ae7ef47446c15b8a6878dd2d31b60cd0670eaf83 100644
+index d3fc549a08993376c76c4ebebb788fea3f4ddf69..0bd191acb9596d3aa21c337230d26f09d26f6888 100644
 --- a/src/main/java/net/minecraft/util/StringUtil.java
 +++ b/src/main/java/net/minecraft/util/StringUtil.java
-@@ -64,7 +64,23 @@ public class StringUtil {
+@@ -67,6 +67,25 @@ public class StringUtil {
+ return name.length() <= 16 && name.chars().filter(c -> c <= 32 || c >= 127).findAny().isEmpty();
 }
 
- public static boolean isValidPlayerName(String name) {
-- return name.length() <= 16 && name.chars().filter(c -> c <= 32 || c >= 127).findAny().isEmpty();
-+ // Paper start - username validation overriding
-+ if (name == null || name.isEmpty() || name.length() > 16) {
++ // Paper start - Username validation
++ public static boolean isReasonablePlayerName(final String name) {
++ if (name.isEmpty() || name.length() > 16) {
 + return false;
 + }
 +
 + for (int i = 0, len = name.length(); i < len; ++i) {
-+ char c = name.charAt(i);
-+
++ final char c = name.charAt(i);
 + if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) {
 + continue;
 + }
@@ -63,7 +68,9 @@ index d3fc549a08993376c76c4ebebb788fea3f4ddf69..ae7ef47446c15b8a6878dd2d31b60cd0
 + }
 +
 + return true;
-+ // Paper end - username validation overriding
- }
-
++ }
++ // Paper end - Username validation
++
 public static String filterText(String string) {
+ return filterText(string, false);
+ }
diff --git a/patches/server/0752-Add-Velocity-IP-Forwarding-Support.patch b/patches/server/0752-Add-Velocity-IP-Forwarding-Support.patch
index 0987d6a956..717824d206 100644
--- a/patches/server/0752-Add-Velocity-IP-Forwarding-Support.patch
+++ b/patches/server/0752-Add-Velocity-IP-Forwarding-Support.patch
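Review bot: `isReasonablePlayerName` no longer guards against `null`: the code it replaces began with `name == null ||`, while the new first test calls `name.isEmpty()` directly and would throw a NullPointerException instead of returning false. The visible caller passes `packet.name()`, which is presumably never null, but this is a public static helper that other code can reach. Either restore the guard with `if (name == null || name.isEmpty() || name.length() > 16) {` or state the non-null precondition in a Javadoc line on the method. A short comment explaining why `.` sits in the allow-list next to letters, digits and `_` would also help a later reader judge whether the set can be tightened.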
@@ -134,7 +134,7 @@ index 784788d8d3d1a07efbd406b6c463e046699081e2..fdff82ed5dbf5176d470b9b6c41acfe6
 DedicatedServer.LOGGER.warn("While this makes the game possible to play without internet access, it also opens up the ability for hackers to connect with any username they choose.");
 }
 diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
-index c44a15fc358c28345302b1bf37fc4b111a77fe0e..3333cb70744dc7ef8b181d332b63766aaaaad11f 100644
+index 9bcded0466f3b10fafd709edc44c60f85cb48b7f..cb006ae0e5be2f1d31261bdd36964229ec44416d 100644
 --- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
 +++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
 @@ -84,6 +84,7 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
@@ -145,7 +145,7 @@ index c44a15fc358c28345302b1bf37fc4b111a77fe0e..3333cb70744dc7ef8b181d332b63766a
 
 public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection, boolean transferred) {
 this.state = ServerLoginPacketListenerImpl.State.HELLO;
-@@ -176,6 +177,16 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
+@@ -182,6 +183,16 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener,
 this.state = ServerLoginPacketListenerImpl.State.KEY;
 this.connection.send(new ClientboundHelloPacket("", this.server.getKeyPair().getPublic().getEncoded(), this.challenge, true));
 } else {
@@ -162,7 +162,7 @@ index c44a15fc358c28345302b1bf37fc4b111a77fe0e..3333cb70744dc7ef8b181d332b63766a // CraftBukkit start // Paper start - Cache authenticator threads authenticatorPool.execute(new Runnable() { -@@ -328,6 +339,12 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, +@@ -334,6 +345,12 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, // CraftBukkit start private GameProfile callPlayerPreLoginEvents(GameProfile gameprofile) throws Exception { // Paper - Add more fields to AsyncPlayerPreLoginEvent @@ -175,7 +175,7 @@ index c44a15fc358c28345302b1bf37fc4b111a77fe0e..3333cb70744dc7ef8b181d332b63766a String playerName = gameprofile.getName(); java.net.InetAddress address = ((java.net.InetSocketAddress) this.connection.getRemoteAddress()).getAddress(); java.util.UUID uniqueId = gameprofile.getId(); -@@ -373,6 +390,51 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, +@@ -379,6 +396,51 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, @Override public void handleCustomQueryPacket(ServerboundCustomQueryAnswerPacket packet) { diff --git a/patches/server/1011-Use-Velocity-compression-and-cipher-natives.patch b/patches/server/1011-Use-Velocity-compression-and-cipher-natives.patch index 659e02628d..95f9b5544d 100644 --- a/patches/server/1011-Use-Velocity-compression-and-cipher-natives.patch +++ b/patches/server/1011-Use-Velocity-compression-and-cipher-natives.patch @@ -352,10 +352,10 @@ index a08d9aa6e420f691795df9b627a9cd5b5c0112c5..52f537b7bfbdeaad9d17c0e88a1ed1c8 protected void initChannel(Channel channel) { try { 
diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java -index 3333cb70744dc7ef8b181d332b63766aaaaad11f..765cf12c1558afd9686793b18388fc229c55d2d8 100644 +index cb006ae0e5be2f1d31261bdd36964229ec44416d..b656741eb68adeb04bf995f1045902cb6bd5f2e7 100644 --- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java +++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java -@@ -274,12 +274,14 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, +@@ -280,12 +280,14 @@ public class ServerLoginPacketListenerImpl implements ServerLoginPacketListener, } SecretKey secretkey = packet.getSecretKey(privatekey);