From 63e980e13bb801068cc061a1ef8d8916500a4b0f Mon Sep 17 00:00:00 2001 From: Allink <44676012+allinkdev@users.noreply.github.com> Date: Sat, 20 Aug 2022 03:12:18 +0100 Subject: [PATCH] Fix issue where OOB entity patch causes server to generate OOB chunks (#63) --- ...ch => 0032-Add-MasterBlockFireEvent.patch} | 0 ...intings-and-similar-entity-OOB-explo.patch | 231 ------------------ ...> 0033-Add-spectator-teleport-event.patch} | 2 +- ...34-Prevent-invalid-container-events.patch} | 0 ...ot-attempt-to-cast-items-to-recipes.patch} | 0 ...Scissors-configuration-file-command.patch} | 0 ...unning-commands-in-books-by-default.patch} | 0 ...te-block-entity-tag-query-positions.patch} | 2 +- ...ents-on-Signs-bypassing-permissions.patch} | 0 ...-legacy-messages-over-1k-characters.patch} | 0 ...e-paintings-are-able-to-spawn-out-of.patch | 25 ++ 11 files changed, 27 insertions(+), 233 deletions(-) rename patches/server/{0033-Add-MasterBlockFireEvent.patch => 0032-Add-MasterBlockFireEvent.patch} (100%) delete mode 100644 patches/server/0032-Prevent-crash-paintings-and-similar-entity-OOB-explo.patch rename patches/server/{0034-Add-spectator-teleport-event.patch => 0033-Add-spectator-teleport-event.patch} (94%) rename patches/server/{0035-Prevent-invalid-container-events.patch => 0034-Prevent-invalid-container-events.patch} (100%) rename patches/server/{0036-Do-not-attempt-to-cast-items-to-recipes.patch => 0035-Do-not-attempt-to-cast-items-to-recipes.patch} (100%) rename patches/server/{0037-Add-Scissors-configuration-file-command.patch => 0036-Add-Scissors-configuration-file-command.patch} (100%) rename patches/server/{0038-Disable-running-commands-in-books-by-default.patch => 0037-Disable-running-commands-in-books-by-default.patch} (100%) rename patches/server/{0039-Validate-block-entity-tag-query-positions.patch => 0038-Validate-block-entity-tag-query-positions.patch} (92%) rename patches/server/{0040-Fix-ClickEvents-on-Signs-bypassing-permissions.patch => 0039-Fix-ClickEvents-on-Signs-bypassing-permissions.patch} (100%) rename patches/server/{0041-Refuse-to-convert-legacy-messages-over-1k-characters.patch => 0040-Refuse-to-convert-legacy-messages-over-1k-characters.patch} (100%) create mode 100644 patches/server/0041-Fix-exploit-where-paintings-are-able-to-spawn-out-of.patch diff --git a/patches/server/0033-Add-MasterBlockFireEvent.patch b/patches/server/0032-Add-MasterBlockFireEvent.patch similarity index 100% rename from patches/server/0033-Add-MasterBlockFireEvent.patch rename to patches/server/0032-Add-MasterBlockFireEvent.patch diff --git a/patches/server/0032-Prevent-crash-paintings-and-similar-entity-OOB-explo.patch b/patches/server/0032-Prevent-crash-paintings-and-similar-entity-OOB-explo.patch deleted file mode 100644 index 5a1dd52..0000000 --- a/patches/server/0032-Prevent-crash-paintings-and-similar-entity-OOB-explo.patch +++ /dev/null @@ -1,231 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Allink -Date: Sun, 22 May 2022 21:15:51 -0500 -Subject: [PATCH] Prevent crash paintings and similar entity OOB exploits - - -diff --git a/src/main/java/com/github/atlasmediagroup/scissors/MathUtility.java b/src/main/java/com/github/atlasmediagroup/scissors/MathUtility.java -new file mode 100644 -index 0000000000000000000000000000000000000000..7965cf3abd02d415dd0e71a0de73987e5fdf11ec ---- /dev/null -+++ b/src/main/java/com/github/atlasmediagroup/scissors/MathUtility.java -@@ -0,0 +1,29 @@ -+package com.github.atlasmediagroup.scissors; -+ -+public class MathUtility -+{ -+ public static int clampInt(int number, int minimum, int maximum) -+ { -+ return Math.min(Math.max(number, minimum), maximum); -+ } -+ -+ public static long clampLong(long number, long minimum, long maximum) -+ { -+ return Math.min(Math.max(number, minimum), maximum); -+ } -+ -+ public static double clampDouble(double number, double minimum, double maximum) -+ { -+ return Math.min(Math.max(number, minimum), maximum); -+ } -+ -+ public static int safeDoubleToInt(double number) -+ { -+ return (int) clampDouble(number, Integer.MIN_VALUE, Integer.MAX_VALUE); -+ } -+ -+ public static int safeLongToInt(long number) -+ { -+ return (int) clampLong(number, Integer.MIN_VALUE, Integer.MAX_VALUE); -+ } -+} -diff --git a/src/main/java/com/github/atlasmediagroup/scissors/NbtUtility.java b/src/main/java/com/github/atlasmediagroup/scissors/NbtUtility.java -index 978cb98c81195640fb3704d2077148f2be0dca36..59a4ff3593e74f72c3843554c2e14b82912c0a54 100644 ---- a/src/main/java/com/github/atlasmediagroup/scissors/NbtUtility.java -+++ b/src/main/java/com/github/atlasmediagroup/scissors/NbtUtility.java -@@ -1,13 +1,9 @@ - package com.github.atlasmediagroup.scissors; - --import com.google.common.base.Strings; --import com.google.common.collect.Lists; - import net.minecraft.nbt.*; - - import javax.annotation.Nullable; - import java.nio.charset.StandardCharsets; --import java.util.Collections; --import java.util.List; - - public class NbtUtility - { -diff --git a/src/main/java/com/github/atlasmediagroup/scissors/PositionUtility.java b/src/main/java/com/github/atlasmediagroup/scissors/PositionUtility.java -new file mode 100644 -index 0000000000000000000000000000000000000000..fd22a200e070ca5a594802d2f201c6b27d6cddcf ---- /dev/null -+++ b/src/main/java/com/github/atlasmediagroup/scissors/PositionUtility.java -@@ -0,0 +1,83 @@ -+package com.github.atlasmediagroup.scissors; -+ -+import net.minecraft.core.BlockPos; -+import net.minecraft.world.entity.Entity; -+import net.minecraft.world.level.Level; -+import net.minecraft.world.level.border.WorldBorder; -+import net.minecraft.world.phys.Vec3; -+ -+public class PositionUtility -+{ -+ public static Vec3 getValidVec3(double x, double y, double z, Entity entity) -+ { -+ final Level level = entity.level; -+ -+ try -+ { -+ if (level.isInWorldBounds(new BlockPos(Math.floor(MathUtility.safeDoubleToInt(x)), Math.floor(MathUtility.safeDoubleToInt(y)), Math.floor(MathUtility.safeDoubleToInt(z))))) -+ { -+ return new Vec3(x, y, z); -+ } -+ else -+ { -+ final WorldBorder worldBorder = level.getWorldBorder(); -+ -+ final double maxX = worldBorder.getMaxX(); -+ final double maxY = level.getMaxBuildHeight(); -+ final double maxZ = worldBorder.getMaxZ(); -+ -+ final double minX = worldBorder.getMinX(); -+ final double minY = level.getMinBuildHeight(); -+ final double minZ = worldBorder.getMinZ(); -+ -+ return new Vec3(MathUtility.clampDouble(x, minX, maxX), MathUtility.clampDouble(y, minY, maxY), MathUtility.clampDouble(z, minZ, maxZ)); -+ } -+ } -+ catch (Exception e) -+ { // If we throw some sort of exception due to the position being crazy, catch it -+ return new Vec3(0, 0, 0); -+ } -+ } -+ -+ public static Vec3 getValidVec3FromBlockPos(BlockPos blockPos, Entity entity) -+ { -+ final BlockPos validBlockPos = getValidBlockPos(blockPos, entity); -+ -+ return new Vec3(validBlockPos.getX(), validBlockPos.getY(), validBlockPos.getZ()); -+ } -+ -+ public static BlockPos getValidBlockPos(BlockPos blockPos, Entity entity) -+ { -+ final Level level = entity.level; -+ -+ try -+ { -+ if (level.isInWorldBounds(blockPos)) -+ { -+ return blockPos; -+ } -+ else -+ { -+ final int x = blockPos.getX(); -+ final int y = blockPos.getY(); -+ final int z = blockPos.getZ(); -+ -+ final WorldBorder worldBorder = level.getWorldBorder(); -+ -+ final int maxX = MathUtility.safeDoubleToInt(worldBorder.getMaxX()); -+ final int maxY = level.getMaxBuildHeight(); -+ final int maxZ = MathUtility.safeDoubleToInt(worldBorder.getMaxZ()); -+ -+ final int minX = MathUtility.safeDoubleToInt(worldBorder.getMinX()); -+ final int minY = level.getMinBuildHeight(); -+ final int minZ = MathUtility.safeDoubleToInt(worldBorder.getMinZ()); -+ -+ return new BlockPos(MathUtility.clampInt(x, minX, maxX), MathUtility.clampInt(y, minY, maxY), MathUtility.clampInt(z, minZ, maxZ)); -+ } -+ } -+ catch (Exception e) -+ { // If we throw some sort of exception due to the position being crazy, catch it -+ return new BlockPos(0, 0, 0); -+ } -+ } -+} -diff --git a/src/main/java/net/minecraft/world/entity/Entity.java b/src/main/java/net/minecraft/world/entity/Entity.java -index 876e8f83fab4e255959948e59cabf05478446e4d..886451893fbc30576249ca6816c2579127acfe06 100644 ---- a/src/main/java/net/minecraft/world/entity/Entity.java -+++ b/src/main/java/net/minecraft/world/entity/Entity.java -@@ -1,5 +1,6 @@ - package net.minecraft.world.entity; - -+import com.github.atlasmediagroup.scissors.PositionUtility; - import com.google.common.collect.ImmutableList; - import com.google.common.collect.ImmutableList.Builder; - import com.google.common.collect.Iterables; -@@ -1775,6 +1776,13 @@ public abstract class Entity implements Nameable, EntityAccess, CommandSource { - } - - public void moveTo(double x, double y, double z, float yaw, float pitch) { -+ // Scissors start - Reassign x, y & z to make sure entities can't move out of the world border -+ Vec3 vec3 = PositionUtility.getValidVec3(x, y, z, this); -+ x = vec3.x; -+ y = vec3.y; -+ z = vec3.z; -+ // Scissors end -+ - // Paper - cancel entity velocity if teleported - if (!preserveMotion) { - this.deltaMovement = Vec3.ZERO; -@@ -3209,6 +3217,10 @@ public abstract class Entity implements Nameable, EntityAccess, CommandSource { - - @Nullable - public Entity teleportTo(ServerLevel worldserver, BlockPos location) { -+ // Scissors start - Reassign location to a safe value -+ location = PositionUtility.getValidBlockPos(location, this); -+ // Scissors end -+ - // CraftBukkit end - // Paper start - fix bad state entities causing dupes - if (!isAlive() || !valid) { -@@ -4103,6 +4115,13 @@ public abstract class Entity implements Nameable, EntityAccess, CommandSource { - this.setPosRaw(x, y, z, false); - } - public final void setPosRaw(double x, double y, double z, boolean forceBoundingBoxUpdate) { -+ // Scissors start - Reassign x, y & z to prevent entities from moving outside the world border -+ Vec3 vec = PositionUtility.getValidVec3(x, y, z, this); -+ x = vec.x; -+ y = vec.y; -+ z = vec.z; -+ // Scissors end -+ - // Paper start - block invalid positions - if (!checkPosition(this, x, y, z)) { - return; -diff --git a/src/main/java/net/minecraft/world/entity/decoration/HangingEntity.java b/src/main/java/net/minecraft/world/entity/decoration/HangingEntity.java -index 2805ebfe4ffe769bcde778a1225b3101c91538d8..7c988395567c170d825af2bd99121f2d4d05cd8d 100644 ---- a/src/main/java/net/minecraft/world/entity/decoration/HangingEntity.java -+++ b/src/main/java/net/minecraft/world/entity/decoration/HangingEntity.java -@@ -1,5 +1,6 @@ - package net.minecraft.world.entity.decoration; - -+import com.github.atlasmediagroup.scissors.PositionUtility; - import java.util.function.Predicate; - import javax.annotation.Nullable; - import net.minecraft.core.BlockPos; -@@ -265,7 +266,9 @@ public abstract class HangingEntity extends Entity { - - @Override - public void readAdditionalSaveData(CompoundTag nbt) { -- this.pos = new BlockPos(nbt.getInt("TileX"), nbt.getInt("TileY"), nbt.getInt("TileZ")); -+ // Scissors start - Stop this stupid bullshit -+ this.pos = PositionUtility.getValidBlockPos(new BlockPos(nbt.getInt("TileX"), nbt.getInt("TileY"), nbt.getInt("TileZ")), this); -+ // Scissors end - } - - public abstract int getWidth(); -@@ -292,7 +295,9 @@ public abstract class HangingEntity extends Entity { - - @Override - public void setPos(double x, double y, double z) { -- this.pos = new BlockPos(x, y, z); -+ // Scissors start - Fix this stupid bullshit -+ this.pos = PositionUtility.getValidBlockPos(new BlockPos(x, y, z), this); -+ // Scissors end - this.recalculateBoundingBox(); - this.hasImpulse = true; - } diff --git a/patches/server/0034-Add-spectator-teleport-event.patch b/patches/server/0033-Add-spectator-teleport-event.patch similarity index 94% rename from patches/server/0034-Add-spectator-teleport-event.patch rename to patches/server/0033-Add-spectator-teleport-event.patch index 60dafb9..d251834 100644 --- a/patches/server/0034-Add-spectator-teleport-event.patch +++ b/patches/server/0033-Add-spectator-teleport-event.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Add spectator teleport event diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java -index 1901a14556b197b70a2e8bb46d07a216d5d6c07e..047eef16aa457757f968e2210dcba03207cf7448 100644 +index 64c438459f150af1cabdd3cea29c2951d42d69a0..b0bd0412010320cc624535d6abffe417a135a4dc 100644 --- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java +++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java @@ -1,5 +1,6 @@ diff --git a/patches/server/0035-Prevent-invalid-container-events.patch b/patches/server/0034-Prevent-invalid-container-events.patch similarity index 100% rename from patches/server/0035-Prevent-invalid-container-events.patch rename to patches/server/0034-Prevent-invalid-container-events.patch diff --git a/patches/server/0036-Do-not-attempt-to-cast-items-to-recipes.patch b/patches/server/0035-Do-not-attempt-to-cast-items-to-recipes.patch similarity index 100% rename from patches/server/0036-Do-not-attempt-to-cast-items-to-recipes.patch rename to patches/server/0035-Do-not-attempt-to-cast-items-to-recipes.patch diff --git a/patches/server/0037-Add-Scissors-configuration-file-command.patch b/patches/server/0036-Add-Scissors-configuration-file-command.patch similarity index 100% rename from patches/server/0037-Add-Scissors-configuration-file-command.patch rename to patches/server/0036-Add-Scissors-configuration-file-command.patch diff --git a/patches/server/0038-Disable-running-commands-in-books-by-default.patch b/patches/server/0037-Disable-running-commands-in-books-by-default.patch similarity index 100% rename from patches/server/0038-Disable-running-commands-in-books-by-default.patch rename to patches/server/0037-Disable-running-commands-in-books-by-default.patch diff --git a/patches/server/0039-Validate-block-entity-tag-query-positions.patch b/patches/server/0038-Validate-block-entity-tag-query-positions.patch similarity index 92% rename from patches/server/0039-Validate-block-entity-tag-query-positions.patch rename to patches/server/0038-Validate-block-entity-tag-query-positions.patch index d0c79a4..282c826 100644 --- a/patches/server/0039-Validate-block-entity-tag-query-positions.patch +++ b/patches/server/0038-Validate-block-entity-tag-query-positions.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Validate block entity tag query positions diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java -index 0d8d28a324b4bf093d7318be71eb67bb0dad9429..fe549835e0dc0b6c06a16e7471f53170f1d9c7b0 100644 +index 65e9791d7e613d039f93184cde717bff8e97000c..2e6e1af5244202e0bc77b443f089b4f3016be8ac 100644 --- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java +++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java @@ -1273,7 +1273,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Ser diff --git a/patches/server/0040-Fix-ClickEvents-on-Signs-bypassing-permissions.patch b/patches/server/0039-Fix-ClickEvents-on-Signs-bypassing-permissions.patch similarity index 100% rename from patches/server/0040-Fix-ClickEvents-on-Signs-bypassing-permissions.patch rename to patches/server/0039-Fix-ClickEvents-on-Signs-bypassing-permissions.patch diff --git a/patches/server/0041-Refuse-to-convert-legacy-messages-over-1k-characters.patch b/patches/server/0040-Refuse-to-convert-legacy-messages-over-1k-characters.patch similarity index 100% rename from patches/server/0041-Refuse-to-convert-legacy-messages-over-1k-characters.patch rename to patches/server/0040-Refuse-to-convert-legacy-messages-over-1k-characters.patch diff --git a/patches/server/0041-Fix-exploit-where-paintings-are-able-to-spawn-out-of.patch b/patches/server/0041-Fix-exploit-where-paintings-are-able-to-spawn-out-of.patch new file mode 100644 index 0000000..028a186 --- /dev/null +++ b/patches/server/0041-Fix-exploit-where-paintings-are-able-to-spawn-out-of.patch @@ -0,0 +1,25 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Allink +Date: Sat, 20 Aug 2022 03:01:56 +0100 +Subject: [PATCH] Fix exploit where paintings are able to spawn out of bounds + + +diff --git a/src/main/java/net/minecraft/world/entity/decoration/HangingEntity.java b/src/main/java/net/minecraft/world/entity/decoration/HangingEntity.java +index 2805ebfe4ffe769bcde778a1225b3101c91538d8..3c4bfad55e438c5e723ef58c9cc24908af9e0846 100644 +--- a/src/main/java/net/minecraft/world/entity/decoration/HangingEntity.java ++++ b/src/main/java/net/minecraft/world/entity/decoration/HangingEntity.java +@@ -265,7 +265,13 @@ public abstract class HangingEntity extends Entity { + + @Override + public void readAdditionalSaveData(CompoundTag nbt) { +- this.pos = new BlockPos(nbt.getInt("TileX"), nbt.getInt("TileY"), nbt.getInt("TileZ")); ++ // Scissors start - Fix exploit where paintings are able to spawn out of bounds ++ final BlockPos pos = new BlockPos(nbt.getInt("TileX"), nbt.getInt("TileY"), nbt.getInt("TileZ")); ++ if (this.level.isLoadedAndInBounds(pos)) ++ { ++ this.pos = pos; ++ } ++ // Scissors end + } + + public abstract int getWidth();