From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Thinkofdeath Date: Wed, 2 Jul 2014 23:35:51 +0100 Subject: [PATCH] Better item validation diff --git a/src/main/java/net/minecraft/server/DataWatcher.java b/src/main/java/net/minecraft/server/DataWatcher.java index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644 --- a/src/main/java/net/minecraft/server/DataWatcher.java +++ b/src/main/java/net/minecraft/server/DataWatcher.java @@ -0,0 +0,0 @@ public class DataWatcher { arraylist = Lists.newArrayList(); } + // Spigot start - copy ItemStacks to prevent ConcurrentModificationExceptions + if ( datawatcher_watchableobject.b() instanceof ItemStack ) + { + datawatcher_watchableobject = new WatchableObject( + datawatcher_watchableobject.c(), + datawatcher_watchableobject.a(), + ( (ItemStack) datawatcher_watchableobject.b() ).cloneItemStack() + ); + } + // Spigot end + arraylist.add(datawatcher_watchableobject); } } @@ -0,0 +0,0 @@ public class DataWatcher { this.f.readLock().lock(); arraylist.addAll(this.dataValues.valueCollection()); // Spigot + // Spigot start - copy ItemStacks to prevent ConcurrentModificationExceptions + for ( int i = 0; i < arraylist.size(); i++ ) + { + WatchableObject watchableobject = (WatchableObject) arraylist.get( i ); + if ( watchableobject.b() instanceof ItemStack ) + { + watchableobject = new WatchableObject( + watchableobject.c(), + watchableobject.a(), + ( (ItemStack) watchableobject.b() ).cloneItemStack() + ); + arraylist.set( i, watchableobject ); + } + } + // Spigot end this.f.readLock().unlock(); return arraylist; diff --git a/src/main/java/net/minecraft/server/PacketDataSerializer.java b/src/main/java/net/minecraft/server/PacketDataSerializer.java index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644 --- a/src/main/java/net/minecraft/server/PacketDataSerializer.java +++ b/src/main/java/net/minecraft/server/PacketDataSerializer.java @@ -0,0 +0,0 @@ public class PacketDataSerializer extends ByteBuf { NBTTagCompound nbttagcompound = null; if (itemstack.getItem().usesDurability() || itemstack.getItem().p()) { + // Spigot start - filter + itemstack = itemstack.cloneItemStack(); + CraftItemStack.setItemMeta(itemstack, CraftItemStack.getItemMeta(itemstack)); + // Spigot end nbttagcompound = itemstack.getTag(); } diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644 --- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java +++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaBook.java @@ -0,0 +0,0 @@ import net.minecraft.server.IChatBaseComponent; import net.minecraft.server.NBTTagString; import org.bukkit.craftbukkit.util.CraftChatMessage; +// Spigot start +import static org.spigotmc.ValidateUtils.*; +// Spigot end + @DelegateDeserialization(SerializableMeta.class) public class CraftMetaBook extends CraftMetaItem implements BookMeta { static final ItemMetaKey BOOK_TITLE = new ItemMetaKey("title"); @@ -0,0 +0,0 @@ public class CraftMetaBook extends CraftMetaItem implements BookMeta { super(tag); if (tag.hasKey(BOOK_TITLE.NBT)) { - this.title = tag.getString(BOOK_TITLE.NBT); + this.title = limit( tag.getString(BOOK_TITLE.NBT), 1024 ); // Spigot } if (tag.hasKey(BOOK_AUTHOR.NBT)) { - this.author = tag.getString(BOOK_AUTHOR.NBT); + this.author = limit( tag.getString(BOOK_AUTHOR.NBT), 1024 ); // Spigot } boolean resolved = false; @@ -0,0 +0,0 @@ public class CraftMetaBook extends CraftMetaItem implements BookMeta { // Ignore and treat as an old book } } - addPage(page); + addPage( limit( page, 2048 ) ); // Spigot } } } diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644 --- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java +++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftMetaItem.java @@ -0,0 +0,0 @@ import java.util.logging.Logger; import net.minecraft.server.NBTCompressedStreamTools; import org.apache.commons.codec.binary.Base64; +// Spigot start +import static org.spigotmc.ValidateUtils.*; +// Spigot end + /** * Children must include the following: * @@ -0,0 +0,0 @@ class CraftMetaItem implements ItemMeta, Repairable { NBTTagCompound display = tag.getCompound(DISPLAY.NBT); if (display.hasKey(NAME.NBT)) { - displayName = display.getString(NAME.NBT); + displayName = limit( display.getString(NAME.NBT), 1024 ); // Spigot } if (display.hasKey(LORE.NBT)) { @@ -0,0 +0,0 @@ class CraftMetaItem implements ItemMeta, Repairable { lore = new ArrayList(list.size()); for (int index = 0; index < list.size(); index++) { - String line = list.getString(index); + String line = limit( list.getString(index), 1024 ); // Spigot lore.add(line); } } diff --git a/src/main/java/org/spigotmc/ValidateUtils.java b/src/main/java/org/spigotmc/ValidateUtils.java new file mode 100644 index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 --- /dev/null +++ b/src/main/java/org/spigotmc/ValidateUtils.java @@ -0,0 +0,0 @@ +package org.spigotmc; + +public class ValidateUtils +{ + + public static String limit(String str, int limit) + { + if ( str.length() > limit ) + { + return str.substring( 0, limit ); + } + return str; + } +} --