From 70c16f6ffa0365a5031b8582095afa0ea0eb4307 Mon Sep 17 00:00:00 2001 From: Luna <90072930+LunaWasFlaggedAgain@users.noreply.github.com> Date: Wed, 14 Jun 2023 05:07:38 -0300 Subject: [PATCH] Fix ResourceLocation exploits (1.20.1) (#102) * Catch null ResourceLocations in CraftNamespacedKey * Some more ResourceLocation validation --- .../0049-Implement-command-block-events.patch | 24 ++++++------ ...ourceLocations-in-CraftNamespacedKey.patch | 18 +++++++++ ...ome-more-ResourceLocation-validation.patch | 37 +++++++++++++++++++ 3 files changed, 67 insertions(+), 12 deletions(-) create mode 100644 patches/server/0052-Catch-null-ResourceLocations-in-CraftNamespacedKey.patch create mode 100644 patches/server/0053-Some-more-ResourceLocation-validation.patch diff --git a/patches/server/0049-Implement-command-block-events.patch b/patches/server/0049-Implement-command-block-events.patch index 01f2850..b7d86dc 100644 --- a/patches/server/0049-Implement-command-block-events.patch +++ b/patches/server/0049-Implement-command-block-events.patch @@ -18,7 +18,7 @@ index c99fc118013cb3d4043638e2001a8297e79ddf9c..cdaa81e1f2167b29ec01cc25e51a8400 private final boolean trackOutput; diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java -index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b8c727e9d 100644 +index 26bf05922698c734302fa80076e7a1eadbfe1d8d..5422eb931d83f65d40be5fcca49b6d9e57eec735 100644 --- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java +++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java @@ -1,6 +1,8 @@ @@ -132,7 +132,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b ServerGamePacketListenerImpl.LOGGER.warn("{} moved too quickly! {},{},{}", new Object[]{this.player.getName().getString(), d6, d7, d8}); this.teleport(this.player.getX(), this.player.getY(), this.player.getZ(), this.player.getYRot(), this.player.getXRot()); return; -@@ -1976,7 +2008,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -1979,7 +2011,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic MutableComponent ichatmutablecomponent = Component.translatable("build.tooHigh", i - 1).withStyle(ChatFormatting.RED); this.player.sendSystemMessage(ichatmutablecomponent, true); @@ -141,7 +141,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b this.player.swing(enumhand, true); } } -@@ -2227,32 +2259,32 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -2230,32 +2262,32 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic // CraftBukkit end if (ServerGamePacketListenerImpl.isChatMessageIllegal(packet.message())) { this.server.scheduleOnMain(() -> { // Paper - push to main for event firing @@ -190,7 +190,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b // }); // CraftBukkit - async chat } -@@ -2263,7 +2295,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -2266,7 +2298,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic public void handleChatCommand(ServerboundChatCommandPacket packet) { if (ServerGamePacketListenerImpl.isChatMessageIllegal(packet.command())) { this.server.scheduleOnMain(() -> { // Paper - push to main for event firing @@ -199,7 +199,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b }); // Paper - push to main for event firing } else { Optional optional = this.tryHandleChat(packet.command(), packet.timeStamp(), packet.lastSeenMessages()); -@@ -2288,7 +2320,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -2291,7 +2323,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic // CraftBukkit start String command = "/" + packet.command(); if (org.spigotmc.SpigotConfig.logCommands) { // Paper @@ -208,7 +208,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b } // Paper PlayerCommandPreprocessEvent event = new PlayerCommandPreprocessEvent(this.getCraftPlayer(), command, new LazyPlayerSet(this.server)); -@@ -2353,7 +2385,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -2356,7 +2388,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic if (!this.updateChatOrder(timestamp)) { ServerGamePacketListenerImpl.LOGGER.warn("{} sent out-of-order chat: '{}': {} > {}", this.player.getName().getString(), message, this.lastChatTimeStamp.get().getEpochSecond(), timestamp.getEpochSecond()); // Paper this.server.scheduleOnMain(() -> { // Paper - push to main @@ -217,7 +217,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b }); // Paper - push to main return Optional.empty(); } else { -@@ -2424,7 +2456,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -2427,7 +2459,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic this.handleCommand(s); } else if (this.player.getChatVisibility() == ChatVisiblity.SYSTEM) { // Do nothing, this is coming from a plugin @@ -226,7 +226,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b } else if (true) { final ChatProcessor cp = new ChatProcessor(this.server, this.player, original, async); cp.process(); -@@ -2535,7 +2567,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -2538,7 +2570,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic // Paper End co.aikar.timings.MinecraftTimings.playerCommandTimer.startTiming(); // Paper if ( org.spigotmc.SpigotConfig.logCommands ) // Spigot @@ -235,7 +235,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b CraftPlayer player = this.getCraftPlayer(); -@@ -2614,16 +2646,16 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -2617,16 +2649,16 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic @Override public void handleChatAck(ServerboundChatAckPacket packet) { LastSeenMessagesValidator lastseenmessagesvalidator = this.lastSeenMessages; @@ -262,7 +262,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b } } -@@ -2862,7 +2894,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -2865,7 +2897,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic } if (event.isCancelled()) { @@ -271,7 +271,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b return; } // CraftBukkit end -@@ -3436,19 +3468,19 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -3439,19 +3471,19 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic itemstack = CraftItemStack.asNMSCopy(event.getCursor()); switch (event.getResult()) { @@ -304,7 +304,7 @@ index 757f20c0d546ab2ca9f32ca2c3733f36290d3a3d..127ed778733eb29f90416ae9c9f2ae0b } } // CraftBukkit end -@@ -3516,7 +3548,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic +@@ -3519,7 +3551,7 @@ public class ServerGamePacketListenerImpl implements ServerPlayerConnection, Tic } else if (!this.isSingleplayerOwner()) { // Paper start - This needs to be handled on the main thread for plugins server.submit(() -> { diff --git a/patches/server/0052-Catch-null-ResourceLocations-in-CraftNamespacedKey.patch b/patches/server/0052-Catch-null-ResourceLocations-in-CraftNamespacedKey.patch new file mode 100644 index 0000000..2aaf1ba --- /dev/null +++ b/patches/server/0052-Catch-null-ResourceLocations-in-CraftNamespacedKey.patch @@ -0,0 +1,18 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Luna +Date: Tue, 13 Jun 2023 18:29:18 -0300 +Subject: [PATCH] Catch null ResourceLocations in CraftNamespacedKey + + +diff --git a/src/main/java/org/bukkit/craftbukkit/util/CraftNamespacedKey.java b/src/main/java/org/bukkit/craftbukkit/util/CraftNamespacedKey.java +index 5014192edb9616ce725fc1592832034789527b6f..64da1b0afd51720803aba0d9e86d0b1743bdb0da 100644 +--- a/src/main/java/org/bukkit/craftbukkit/util/CraftNamespacedKey.java ++++ b/src/main/java/org/bukkit/craftbukkit/util/CraftNamespacedKey.java +@@ -21,6 +21,7 @@ public final class CraftNamespacedKey { + } + + public static NamespacedKey fromMinecraft(ResourceLocation minecraft) { ++ if (minecraft == null) throw new IllegalArgumentException("Null ResourceLocation provided"); // Scissors + return new NamespacedKey(minecraft.getNamespace(), minecraft.getPath()); + } + diff --git a/patches/server/0053-Some-more-ResourceLocation-validation.patch b/patches/server/0053-Some-more-ResourceLocation-validation.patch new file mode 100644 index 0000000..d44be25 --- /dev/null +++ b/patches/server/0053-Some-more-ResourceLocation-validation.patch @@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Luna +Date: Tue, 13 Jun 2023 18:37:56 -0300 +Subject: [PATCH] Some more ResourceLocation validation + + +diff --git a/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java b/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java +index 430810b9cc554dfb3bb0972c103c8a36e8db67ef..b2832c75beab2a1fa077b0317392b6aa46134ce6 100644 +--- a/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java ++++ b/src/main/java/net/minecraft/world/level/block/entity/AbstractFurnaceBlockEntity.java +@@ -300,7 +300,12 @@ public abstract class AbstractFurnaceBlockEntity extends BaseContainerBlockEntit + while (iterator.hasNext()) { + String s = (String) iterator.next(); + +- this.recipesUsed.put(new ResourceLocation(s), nbttagcompound1.getInt(s)); ++ // Scissors start ++ final ResourceLocation rl = ResourceLocation.tryParse(s); ++ if (rl != null) { ++ this.recipesUsed.put(rl, nbttagcompound1.getInt(s)); ++ } ++ // Scissors end + } + + // Paper start - cook speed API +diff --git a/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java b/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java +index 14ddb953176b02e7ac68401c5c03120f920739a1..c04d24930f03d91f341fb45bed3b8356890dce83 100644 +--- a/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java ++++ b/src/main/java/net/minecraft/world/level/block/entity/BrushableBlockEntity.java +@@ -199,7 +199,7 @@ public class BrushableBlockEntity extends BlockEntity { + + private boolean tryLoadLootTable(CompoundTag nbt) { + if (nbt.contains("LootTable", 8)) { +- this.lootTable = new ResourceLocation(nbt.getString("LootTable")); ++ this.lootTable = ResourceLocation.tryParse(nbt.getString("LootTable")); // Scissors + this.lootTableSeed = nbt.getLong("LootTableSeed"); + return true; + } else {