62 Commits

Author SHA1 Message Date
Allink
106edf19b7
Prevent crash paintings and similar entity OOB exploits 2022-05-17 07:01:13 +01:00
Allink
236e8a95a3
Don't log invalid teams to console 2022-05-17 06:00:19 +01:00
Luna
9e244f52c9
Optimize getTagSize method in NbtUtility (#15)
The getAsString method which was used before uses StringTagVisitor,
which takes way too long.
2022-05-02 17:39:35 -06:00
Allink
61fd911106
Account for large items inside containers & add more methods to NbtUtility (#14) 2022-05-01 02:37:23 -06:00
Allink
6f32742d79
Fix a few of my patches being formatted incorrectly & fix the Minecart/Boat lag/crash exploit (#13)
* Fix a few of my patches being formatted incorrectly

* Limit amount of vehicle collision checks to 3 and discard vehicles if they collide with more than 15 other entities
2022-04-28 01:55:02 -06:00
dc1a5399f7 Futureproof the auto updater 2022-04-22 03:26:08 -05:00
Business Goose
39916e2102
Fix negative death times 2022-04-19 11:56:30 +01:00
Allink
c2618f2522
Reset large tags (#11) 2022-04-18 17:20:08 -06:00
d120903a36 Get branch for version checking automatically 2022-04-18 17:23:52 -05:00
5be5c364cd Update Paper 2022-04-14 20:07:20 -05:00
Video
42ce42b668 Fixes creative-killing potion effects and certain potion effect overflows 2022-04-11 13:38:34 -06:00
Video
a9cc494a94 Backport patch 888 from the regular Paper 2022-04-10 15:58:40 -06:00
Luna
d4a73a9b3f
Limit ListTags to 1024 elements (#9)
* Limit ListTags to 1024 elements

* a
2022-04-09 18:06:20 -06:00
Video
ecfd11a180 Don't query NBT from players in the nbt text component 2022-04-09 13:02:56 -06:00
Allink
646f5e6002
Prevent non-living entities from being spawned by spawners (#7) 2022-04-04 02:39:28 -06:00
Video
6760ad5417 Properly renames patch #19 to stop it from renaming itself 2022-04-04 02:13:12 -06:00
Video
6950f39d8c Prevent attributes with invalid namespaces from being applied to CraftMetaItems 2022-03-30 18:24:02 -06:00
Video
8fdf4dce39 Validate String UUIDs during the CompoundTag -> GameProfile conversion process 2022-03-30 02:04:27 -06:00
Video
4cecc52099 Reject oversized components from updating + removes unnecessary imports from dev-imports.txt 2022-03-28 17:13:43 -06:00
ayunami2000
50e5b29c3d
Merge pull request #6 from AtlasMediaGroup/FS-176
block excessive nbt that kicks players
2022-03-28 17:30:11 -04:00
ayunami2000
31aad362c1 prepare for pr + fix typo 2022-03-28 17:24:47 -04:00
Video
77cc5f291f Better handling of invalid JSON components
This commit has some behavioral changes!

An issue regarding the treatment of invalid JSON components was raised this morning. This commit changes the behavior for many things using the component system to instead replace the invalid JSON with text saying "** Invalid JSON Component **". Some things will not do this (e.g. the conversion process).

Here's a list of things that are affected by this change:
- Hover event components (specifically, the show_entity action)
- NBT components
- Entity names
- Beacons
- Enchantment tables
- Scoreboard save data loading
2022-03-28 15:17:49 -06:00
ayunami2000
dbfbd9bca9 patch server side chunkbans 2022-03-28 17:07:28 -04:00
83cbb45e49 Attempt to fix security warnings 2022-03-26 23:25:45 -05:00
a9ff8bbf56 This time it really works, trust me 2022-03-26 23:03:57 -05:00
b633a0b588 Force the exception so we do use Git 2022-03-26 22:34:10 -05:00
c50ed524ed Don't rely on Jenkins / Paper API 2022-03-26 22:13:07 -05:00
5ecc13f8e7 Create 0017-Change-version-fetcher-to-AMG.patch 2022-03-26 22:00:15 -05:00
Paldiu
de72c29550
Merge pull request #5 from LunaWasFlaggedAgain/main
Do not log invalid items in HoverEvent and ItemFrame
2022-03-22 03:59:58 -05:00
Video
d929190ea2 I'm fucking retarded 2022-03-20 11:40:17 -06:00
Luna
0afb6fef8d
Merge branch 'AtlasMediaGroup:main' into main 2022-03-20 13:43:40 -03:00
Luna
330a8ac936
t 2022-03-20 13:43:35 -03:00
Video
dcef1afe08 A better solution
Realized what they are doing. Will rename commit later
2022-03-20 08:38:11 -06:00
Video
72b2109450 Validate coordinates before attempting to get block entities when handling Creative Inventory packets 2022-03-20 07:49:57 -06:00
Luna
57b96d20af Do not log invalid items in HoverEvent and ItemFrame 2022-03-20 09:31:54 -03:00
Video
ca57c181e4 Fixes crash exploit related to out of bounds Axolotl variants 2022-03-20 04:41:32 -06:00
Video
529a33f1be Even more ResourceLocation validation and log spam fixes 2022-03-20 04:21:47 -06:00
Video
2b36e3b591 Even more resource location validation 2022-03-14 00:52:57 -06:00
Video
bca07e92bc Validates BlockState and SoundEvent values 2022-03-13 22:07:59 -06:00
Video
9639d51c31 Additional fixes related to Knowledge Books
Missed a spot.
2022-03-13 21:12:08 -06:00
Video
61cce5a83c Fixes Knowledge Books causing log spam when invalid data is provided
the game of whack-a-mole continues
2022-03-13 18:47:15 -06:00
Luna
128fa39f5a ItemEntity - Check if items are air before calling setItem 2022-03-13 14:39:58 -03:00
Video
82c566c108 Ignore errors thrown when trying to remove minecart entities with content in them
Just for good measure...
2022-03-13 08:16:59 -06:00
Luna
cc3776b0b4 Ignore null/air bundle items in CraftMetaBundle 2022-03-13 11:08:25 -03:00
Video
28312aba85 Removes useless spammy error logging
we're playing wack-a-mole
2022-03-13 08:00:06 -06:00
Video
347ea8905c Fixes invalid LootTables causing problems when applied to Minecart entities 2022-03-13 07:43:47 -06:00
Video
eabbb65766 Fixes log spam caused by invalid entities in beehives 2022-03-13 06:12:45 -06:00
Video
8de4abc61b Fixes the Blank SkullOwner exploit 2022-03-13 04:49:46 -06:00
Video
b9f5db4717 Return null when a show_entity hover event's UUID isn't valid
Fixes a server-crashing exploit regarding dispensing a shulker box with specially-crafted JSON components.
2022-03-12 20:27:30 -07:00
Luna
49f7f4f21d Downgrade to 1.17.1 + Rebrand 2022-03-12 22:39:38 -03:00