Fix nocom exploit (#114)

2024-06-26 12:01:45 +00:00 · 2023-07-03 22:12:08 -03:00 · 2023-07-03 22:12:08 -03:00 · 25eed98578
commit 25eed98578
parent 8bb5b4c152
3 changed files with 35 additions and 23 deletions
--- a/patches/server/0032-Validate-block-entity-entity-tag-query-positions.patch
+++ b/patches/server/0032-Validate-block-entity-entity-tag-query-positions.patch
@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Luna <lunahatesgogle@gmail.com>
+Date: Mon, 11 Jul 2022 17:29:12 -0300
+Subject: [PATCH] Validate block entity/entity tag query positions
+
+
+diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+index 682f3940659b48fd04e5ec65d5557a679eb8b267..f13b3e0a44b7a3f69fa7cc2e51ccb68c9d81082f 100644
+--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+@@ -1362,7 +1362,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
+         if (this.player.hasPermissions(2)) {
+             Entity entity = this.player.level().getEntity(packet.getEntityId());
+ 
+-            if (entity != null) {
+            if (entity != null && !isOutsideOfReach(entity.position().x, entity.position().y, entity.position().z)) { // Scissors - Validate block entity tag query positions
+                 CompoundTag nbttagcompound = entity.saveWithoutId(new CompoundTag());
+ 
+                 this.player.connection.send(new ClientboundTagQueryPacket(packet.getTransactionId(), nbttagcompound));
+@@ -1374,7 +1374,10 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
+     @Override
+     public void handleBlockEntityTagQuery(ServerboundBlockEntityTagQuery packet) {
+         PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
+-        if (this.player.hasPermissions(2)) {
+        // Scissors start - Validate block entity tag query positions
+        if (this.player.hasPermissions(2) && this.player.level().isLoadedAndInBounds(packet.getPos())
+            && !isOutsideOfReach(packet.getPos().getX(), packet.getPos().getY(), packet.getPos().getZ())) { 
+        // Scissors end
+             BlockEntity tileentity = this.player.level().getBlockEntity(packet.getPos());
+             CompoundTag nbttagcompound = tileentity != null ? tileentity.saveWithoutMetadata() : null;
+ 
--- a/patches/server/0032-Validate-block-entity-tag-query-positions.patch
+++ b/patches/server/0032-Validate-block-entity-tag-query-positions.patch
@ -1,19 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Luna <lunahatesgogle@gmail.com>
-Date: Mon, 11 Jul 2022 17:29:12 -0300
-Subject: [PATCH] Validate block entity tag query positions
-
-
-diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
-index 682f3940659b48fd04e5ec65d5557a679eb8b267..08e3e3a2085f23f890890adac5d6b575b9b2364f 100644
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
-+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
-@@ -1374,7 +1374,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
-     @Override
-     public void handleBlockEntityTagQuery(ServerboundBlockEntityTagQuery packet) {
-         PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
-        if (this.player.hasPermissions(2)) {
-+        if (this.player.hasPermissions(2) && this.player.level().isLoadedAndInBounds(packet.getPos())) { // Scissors - Validate block entity tag query positions
-             BlockEntity tileentity = this.player.level().getBlockEntity(packet.getPos());
-             CompoundTag nbttagcompound = tileentity != null ? tileentity.saveWithoutMetadata() : null;
- 
--- a/patches/server/0036-Add-configuration-option-to-disable-chat-signatures.patch
+++ b/patches/server/0036-Add-configuration-option-to-disable-chat-signatures.patch
@ -64,7 +64,7 @@ index c0a80824a0307ea673805015119cc834b268f0dc..9f28f86b1b56ea55ab39f6ac988c1f47
                     }
 
 diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
-index 8382d6c4589d2035fcb0ad410f442ead235059e4..f59b2ed4c3f8a4049223985e41537d5fa8bb2f0b 100644
+index f13b3e0a44b7a3f69fa7cc2e51ccb68c9d81082f..dabcf5d58b88df32b2540cd8474e80dd392a3ebc 100644
 --- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
 +++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
@@ -1,5 +1,6 @@
@ -74,7 +74,7 @@ index 8382d6c4589d2035fcb0ad410f442ead235059e4..f59b2ed4c3f8a4049223985e41537d5f
 import me.totalfreedom.scissors.event.player.SpectatorTeleportEvent; // Scissors
 import com.google.common.collect.Lists;
 import com.google.common.primitives.Floats;
-@@ -2322,7 +2323,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
+@@ -2325,7 +2326,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
     }
 
     private void handleMessageDecodeFailure(SignedMessageChain.DecodeException exception) {
@ -83,7 +83,7 @@ index 8382d6c4589d2035fcb0ad410f442ead235059e4..f59b2ed4c3f8a4049223985e41537d5f
             this.disconnect(exception.getComponent(), exception.kickCause); // Paper - kick event causes
         } else {
             this.player.sendSystemMessage(exception.getComponent().copy().withStyle(ChatFormatting.RED));
-@@ -2378,6 +2379,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
+@@ -2381,6 +2382,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
             Optional<LastSeenMessages> optional = this.lastSeenMessages.applyUpdate(acknowledgment);
 
             if (optional.isEmpty()) {
@ -91,7 +91,7 @@ index 8382d6c4589d2035fcb0ad410f442ead235059e4..f59b2ed4c3f8a4049223985e41537d5f
                 ServerGamePacketListenerImpl.LOGGER.warn("Failed to validate message acknowledgements from {}", this.player.getName().getString());
                 this.disconnect(ServerGamePacketListenerImpl.CHAT_VALIDATION_FAILED, org.bukkit.event.player.PlayerKickEvent.Cause.CHAT_VALIDATION_FAILED); // Paper - kick event causes
             }
-@@ -2613,6 +2615,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
+@@ -2616,6 +2618,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
 
         synchronized (this.lastSeenMessages) {
             if (!this.lastSeenMessages.applyOffset(packet.offset())) {