mirror of
https://github.com/PaperMC/Paper.git
synced 2025-01-11 12:31:34 +01:00
3c0d6aaed9
Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 0c7aedbc SPIGOT-7554, PR-954: Add DecoratedPotInventory CraftBukkit Changes: 53ebb05e3 SPIGOT-7554, PR-1323: Add DecoratedPotInventory 33a2d8773 Ensure that PlayerMoveEvent is always fired where applicable 7df18510f SPIGOT-7555: Don't cast ItemFlags to byte 19aec59ea Use provided case for non-existent OfflinePlayers Spigot Changes: e7ce55a3 Remove obsolete PlayerMoveEvent improvements 3e5e22c0 Remove obsolete lowercasing of non existent OfflinePlayer names
26 lines
1.9 KiB
Diff
26 lines
1.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Aikar <aikar@aikar.co>
|
|
Date: Sat, 2 May 2020 03:09:46 -0400
|
|
Subject: [PATCH] Validate PickItem Packet and kick for invalid
|
|
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
index d8285ff999cfea9a7b62e9914a7a7dfdae2ede76..3b1127ac1e30c809d290192319f8bc5f9de30b46 100644
|
|
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
@@ -867,7 +867,14 @@ public class ServerGamePacketListenerImpl extends ServerCommonPacketListenerImpl
|
|
@Override
|
|
public void handlePickItem(ServerboundPickItemPacket packet) {
|
|
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
|
|
- this.player.getInventory().pickSlot(packet.getSlot());
|
|
+ // Paper start - validate pick item position
|
|
+ if (!(packet.getSlot() >= 0 && packet.getSlot() < this.player.getInventory().items.size())) {
|
|
+ ServerGamePacketListenerImpl.LOGGER.warn("{} tried to set an invalid carried item", this.player.getName().getString());
|
|
+ this.disconnect("Invalid hotbar selection (Hacking?)");
|
|
+ return;
|
|
+ }
|
|
+ this.player.getInventory().pickSlot(packet.getSlot()); // Paper - Diff above if changed
|
|
+ // Paper end
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, this.player.getInventory().selected, this.player.getInventory().getItem(this.player.getInventory().selected)));
|
|
this.player.connection.send(new ClientboundContainerSetSlotPacket(-2, 0, packet.getSlot(), this.player.getInventory().getItem(packet.getSlot())));
|
|
this.player.connection.send(new ClientboundSetCarriedItemPacket(this.player.getInventory().selected));
|