From e9a21993b2d33e5dee722c5eb4aa60bc38be8765 Mon Sep 17 00:00:00 2001
From: Zach Brown <1254957+zachbr@users.noreply.github.com>
Date: Mon, 18 Jul 2016 18:07:48 -0500
Subject: [PATCH] Less strict skull validation

Fixes GH-367
---
 .../Less-strict-skull-validation.patch | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 Spigot-Server-Patches/Less-strict-skull-validation.patch

diff --git a/Spigot-Server-Patches/Less-strict-skull-validation.patch b/Spigot-Server-Patches/Less-strict-skull-validation.patch
new file mode 100644
index 0000000000..efd8038deb
--- /dev/null
+++ b/Spigot-Server-Patches/Less-strict-skull-validation.patch
@@ -0,0 +1,42 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Zach Brown <1254957+zachbr@users.noreply.github.com>
+Date: Mon, 18 Jul 2016 17:57:36 -0500
+Subject: [PATCH] Less strict skull validation
+
+Spigot's solution removes all unsigned skins from Skulls. While this does work to achieve its original goal, it is often
+overzealous and removes many plugin created and other skulls. We can be more specific in our checks to avoid this.
+
+This does technically reveal how the exploit works, however given that it already appears to be well-known throughout
+malicious communities, and the current solution breaks legitimate skulls, we don't feel particularly bad about it this
+time.
+
+diff --git a/src/main/java/net/minecraft/server/ItemSkull.java b/src/main/java/net/minecraft/server/ItemSkull.java
+index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644
+--- a/src/main/java/net/minecraft/server/ItemSkull.java
++++ b/src/main/java/net/minecraft/server/ItemSkull.java
+@@ -0,0 +0,0 @@ public class ItemSkull extends Item {
+ boolean valid = true;
+
+ NBTTagList textures = nbttagcompound.getCompound("SkullOwner").getCompound("Properties").getList("textures", 10); // Safe due to method contracts
++ // Paper start - Less strict validation
++ for (NBTBase texture : textures.list) {
++ if (texture instanceof NBTTagCompound && !((NBTTagCompound) texture).hasKeyOfType("Signature", 8)) {
++ if (((NBTTagCompound) texture).getString("Value").trim().length() > 0) {
++ continue;
++ }
++
++ valid = false;
++ }
++ }
++ /*
+ for (int i = 0; i < textures.size(); i++) {
+ if (textures.get(i) instanceof NBTTagCompound && !((NBTTagCompound) textures.get(i)).hasKeyOfType("Signature", 8)) {
+ valid = false;
+ }
+ }
++ */
++ // Paper end
+
+ if (!valid) {
+ nbttagcompound.remove("SkullOwner");
+--
\ No newline at end of file
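Review bot: The new guard in the `for (NBTBase texture : textures.list)` loop is a presence check only: an unsigned texture is kept whenever `getString("Value").trim().length() > 0`, so any non-blank string passes, whether or not it is well-formed Base64 or decodes to a texture payload. If a blank `Value` is the only case that has to be rejected, say so next to the check, for example `// Unsigned textures are tolerated only with a non-blank Value; a blank Value on an unsigned entry is the case this guards against`, so a later edit does not loosen it further. If malformed values also matter to clients (not visible from this hunk), the stricter option is to require that `Value` decodes as Base64 before the `continue`. The loop could also `break` once `valid` is false. The enclosing method starts before and ends after the hunk, so what happens to the tag beyond `nbttagcompound.remove("SkullOwner")` is not shown.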