PaperMC/patches/server/0791-Validate-usernames.patch
Nassim Jahnke 928bcc8d3a
Updated Upstream (Bukkit/CraftBukkit) (#8430)
Upstream has released updates that appear to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

Bukkit Changes:
09943450 Update SnakeYAML version
5515734f SPIGOT-7162: Incorrect description for Entity#getVehicle javadoc
6f82b381 PR-788: Add getHand() to all relevant events

CraftBukkit Changes:
aaf484f6f SPIGOT-7163: CraftMerchantRecipe doesn't copy demand and specialPrice from BukkitMerchantRecipe
5329dd6fd PR-1107: Add getHand() to all relevant events
93061706e SPIGOT-7045: Ocelots never spawn with babies with spawn reason OCELOT_BABY
2022-10-02 09:56:36 +02:00

70 lines
3.8 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Spottedleaf <Spottedleaf@users.noreply.github.com>
Date: Sat, 1 Jan 2022 05:19:37 -0800
Subject: [PATCH] Validate usernames
diff --git a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
index b87bd1c2d3a371e2fca1d0bff6d0985188b22584..64e2004e023f79d28c400f7182b0ffa93789620d 100644
--- a/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerLoginPacketListenerImpl.java
@@ -66,6 +66,7 @@ public class ServerLoginPacketListenerImpl implements TickablePacketListener, Se
@Nullable
private ProfilePublicKey.Data profilePublicKeyData;
public String hostname = ""; // CraftBukkit - add field
+ public boolean iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation = false; // Paper - username validation overriding
public ServerLoginPacketListenerImpl(MinecraftServer server, Connection connection) {
this.state = ServerLoginPacketListenerImpl.State.HELLO;
@@ -245,10 +246,38 @@ public class ServerLoginPacketListenerImpl implements TickablePacketListener, Se
}
}
+ // Paper start - validate usernames
+ public static boolean validateUsername(String in) {
+ if (in == null || in.isEmpty() || in.length() > 16) {
+ return false;
+ }
+
+ for (int i = 0, len = in.length(); i < len; ++i) {
+ char c = in.charAt(i);
+
+ if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '_' || c == '.')) {
+ continue;
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+ // Paper end - validate usernames
+
@Override
public void handleHello(ServerboundHelloPacket packet) {
Validate.validState(this.state == ServerLoginPacketListenerImpl.State.HELLO, "Unexpected hello packet", new Object[0]);
Validate.validState(ServerLoginPacketListenerImpl.isValidUsername(packet.name()), "Invalid characters in username", new Object[0]);
+ // Paper start - validate usernames
+ if (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && io.papermc.paper.configuration.GlobalConfiguration.get().unsupportedSettings.performUsernameValidation) {
+ if (!this.iKnowThisMayNotBeTheBestIdeaButPleaseDisableUsernameValidation && !validateUsername(packet.name())) {
+ ServerLoginPacketListenerImpl.this.disconnect("Failed to verify username!");
+ return;
+ }
+ }
+ // Paper end - validate usernames
this.profilePublicKeyData = (ProfilePublicKey.Data) packet.publicKey().orElse(null); // CraftBukkit - decompile error
GameProfile gameprofile = this.server.getSingleplayerProfile();
diff --git a/src/main/java/net/minecraft/server/players/PlayerList.java b/src/main/java/net/minecraft/server/players/PlayerList.java
index 4277f7fdd8f27e57708a8dee59bf1b9052a1ebe4..133bf27e301aa5815cc7d7e275b2b08cdc6e4392 100644
--- a/src/main/java/net/minecraft/server/players/PlayerList.java
+++ b/src/main/java/net/minecraft/server/players/PlayerList.java
@@ -714,7 +714,7 @@ public abstract class PlayerList {
for (int i = 0; i < this.players.size(); ++i) {
entityplayer = (ServerPlayer) this.players.get(i);
- if (entityplayer.getUUID().equals(uuid)) {
+ if (entityplayer.getUUID().equals(uuid) || (io.papermc.paper.configuration.GlobalConfiguration.get().proxies.isProxyOnlineMode() && entityplayer.getGameProfile().getName().equalsIgnoreCase(gameprofile.getName()))) { // Paper - validate usernames
list.add(entityplayer);
}
}