mirror of
https://github.com/AtlasMediaGroup/Scissors.git
synced 2024-11-26 22:55:39 +00:00
Fix nocom exploit (#114)
This commit is contained in:
parent
8bb5b4c152
commit
25eed98578
@ -0,0 +1,31 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Luna <lunahatesgogle@gmail.com>
|
||||||
|
Date: Mon, 11 Jul 2022 17:29:12 -0300
|
||||||
|
Subject: [PATCH] Validate block entity/entity tag query positions
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
||||||
|
index 682f3940659b48fd04e5ec65d5557a679eb8b267..f13b3e0a44b7a3f69fa7cc2e51ccb68c9d81082f 100644
|
||||||
|
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
||||||
|
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
||||||
|
@@ -1362,7 +1362,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
||||||
|
if (this.player.hasPermissions(2)) {
|
||||||
|
Entity entity = this.player.level().getEntity(packet.getEntityId());
|
||||||
|
|
||||||
|
- if (entity != null) {
|
||||||
|
+ if (entity != null && !isOutsideOfReach(entity.position().x, entity.position().y, entity.position().z)) { // Scissors - Validate block entity tag query positions
|
||||||
|
CompoundTag nbttagcompound = entity.saveWithoutId(new CompoundTag());
|
||||||
|
|
||||||
|
this.player.connection.send(new ClientboundTagQueryPacket(packet.getTransactionId(), nbttagcompound));
|
||||||
|
@@ -1374,7 +1374,10 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
||||||
|
@Override
|
||||||
|
public void handleBlockEntityTagQuery(ServerboundBlockEntityTagQuery packet) {
|
||||||
|
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
|
||||||
|
- if (this.player.hasPermissions(2)) {
|
||||||
|
+ // Scissors start - Validate block entity tag query positions
|
||||||
|
+ if (this.player.hasPermissions(2) && this.player.level().isLoadedAndInBounds(packet.getPos())
|
||||||
|
+ && !isOutsideOfReach(packet.getPos().getX(), packet.getPos().getY(), packet.getPos().getZ())) {
|
||||||
|
+ // Scissors end
|
||||||
|
BlockEntity tileentity = this.player.level().getBlockEntity(packet.getPos());
|
||||||
|
CompoundTag nbttagcompound = tileentity != null ? tileentity.saveWithoutMetadata() : null;
|
||||||
|
|
@ -1,19 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Luna <lunahatesgogle@gmail.com>
|
|
||||||
Date: Mon, 11 Jul 2022 17:29:12 -0300
|
|
||||||
Subject: [PATCH] Validate block entity tag query positions
|
|
||||||
|
|
||||||
|
|
||||||
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
||||||
index 682f3940659b48fd04e5ec65d5557a679eb8b267..08e3e3a2085f23f890890adac5d6b575b9b2364f 100644
|
|
||||||
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
||||||
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
|
||||||
@@ -1374,7 +1374,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
|
||||||
@Override
|
|
||||||
public void handleBlockEntityTagQuery(ServerboundBlockEntityTagQuery packet) {
|
|
||||||
PacketUtils.ensureRunningOnSameThread(packet, this, this.player.serverLevel());
|
|
||||||
- if (this.player.hasPermissions(2)) {
|
|
||||||
+ if (this.player.hasPermissions(2) && this.player.level().isLoadedAndInBounds(packet.getPos())) { // Scissors - Validate block entity tag query positions
|
|
||||||
BlockEntity tileentity = this.player.level().getBlockEntity(packet.getPos());
|
|
||||||
CompoundTag nbttagcompound = tileentity != null ? tileentity.saveWithoutMetadata() : null;
|
|
||||||
|
|
@ -64,7 +64,7 @@ index c0a80824a0307ea673805015119cc834b268f0dc..9f28f86b1b56ea55ab39f6ac988c1f47
|
|||||||
}
|
}
|
||||||
|
|
||||||
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
||||||
index 8382d6c4589d2035fcb0ad410f442ead235059e4..f59b2ed4c3f8a4049223985e41537d5fa8bb2f0b 100644
|
index f13b3e0a44b7a3f69fa7cc2e51ccb68c9d81082f..dabcf5d58b88df32b2540cd8474e80dd392a3ebc 100644
|
||||||
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
||||||
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
|
||||||
@@ -1,5 +1,6 @@
|
@@ -1,5 +1,6 @@
|
||||||
@ -74,7 +74,7 @@ index 8382d6c4589d2035fcb0ad410f442ead235059e4..f59b2ed4c3f8a4049223985e41537d5f
|
|||||||
import me.totalfreedom.scissors.event.player.SpectatorTeleportEvent; // Scissors
|
import me.totalfreedom.scissors.event.player.SpectatorTeleportEvent; // Scissors
|
||||||
import com.google.common.collect.Lists;
|
import com.google.common.collect.Lists;
|
||||||
import com.google.common.primitives.Floats;
|
import com.google.common.primitives.Floats;
|
||||||
@@ -2322,7 +2323,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
@@ -2325,7 +2326,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
||||||
}
|
}
|
||||||
|
|
||||||
private void handleMessageDecodeFailure(SignedMessageChain.DecodeException exception) {
|
private void handleMessageDecodeFailure(SignedMessageChain.DecodeException exception) {
|
||||||
@ -83,7 +83,7 @@ index 8382d6c4589d2035fcb0ad410f442ead235059e4..f59b2ed4c3f8a4049223985e41537d5f
|
|||||||
this.disconnect(exception.getComponent(), exception.kickCause); // Paper - kick event causes
|
this.disconnect(exception.getComponent(), exception.kickCause); // Paper - kick event causes
|
||||||
} else {
|
} else {
|
||||||
this.player.sendSystemMessage(exception.getComponent().copy().withStyle(ChatFormatting.RED));
|
this.player.sendSystemMessage(exception.getComponent().copy().withStyle(ChatFormatting.RED));
|
||||||
@@ -2378,6 +2379,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
@@ -2381,6 +2382,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
||||||
Optional<LastSeenMessages> optional = this.lastSeenMessages.applyUpdate(acknowledgment);
|
Optional<LastSeenMessages> optional = this.lastSeenMessages.applyUpdate(acknowledgment);
|
||||||
|
|
||||||
if (optional.isEmpty()) {
|
if (optional.isEmpty()) {
|
||||||
@ -91,7 +91,7 @@ index 8382d6c4589d2035fcb0ad410f442ead235059e4..f59b2ed4c3f8a4049223985e41537d5f
|
|||||||
ServerGamePacketListenerImpl.LOGGER.warn("Failed to validate message acknowledgements from {}", this.player.getName().getString());
|
ServerGamePacketListenerImpl.LOGGER.warn("Failed to validate message acknowledgements from {}", this.player.getName().getString());
|
||||||
this.disconnect(ServerGamePacketListenerImpl.CHAT_VALIDATION_FAILED, org.bukkit.event.player.PlayerKickEvent.Cause.CHAT_VALIDATION_FAILED); // Paper - kick event causes
|
this.disconnect(ServerGamePacketListenerImpl.CHAT_VALIDATION_FAILED, org.bukkit.event.player.PlayerKickEvent.Cause.CHAT_VALIDATION_FAILED); // Paper - kick event causes
|
||||||
}
|
}
|
||||||
@@ -2613,6 +2615,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
@@ -2616,6 +2618,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic
|
||||||
|
|
||||||
synchronized (this.lastSeenMessages) {
|
synchronized (this.lastSeenMessages) {
|
||||||
if (!this.lastSeenMessages.applyOffset(packet.offset())) {
|
if (!this.lastSeenMessages.applyOffset(packet.offset())) {
|
||||||
|
Loading…
Reference in New Issue
Block a user