NBT overflow patch
Patch for the NBT overflow exploit, which allowed any player to exhaust the server's memory, making it freeze and eventually crash.
parent
633cbdabe2
commit
436f63860e
@ -48,6 +48,17 @@ public class PacketHandler extends MiniPlugin
|
|||||||
EnumProtocol.PLAY.a().put(2, PacketPlayUseEntity.class);
|
EnumProtocol.PLAY.a().put(2, PacketPlayUseEntity.class);
|
||||||
EnumProtocol.PLAY.a().put(PacketPlayUseEntity.class, 2);
|
EnumProtocol.PLAY.a().put(PacketPlayUseEntity.class, 2);
|
||||||
|
|
||||||
|
// NBT Overflow Exploit Handlers
|
||||||
|
EnumProtocol.PLAY.a().put(8, PacketPlayInBlockPace.class);
|
||||||
|
EnumProtocol.PLAY.a().put(PacketPlayInBlockPace.class, 8);
|
||||||
|
|
||||||
|
EnumProtocol.PLAY.a().put(14, PacketPlayInWindowClick.class);
|
||||||
|
EnumProtocol.PLAY.a().put(PacketPlayInWindowClick.class, 14);
|
||||||
|
|
||||||
|
EnumProtocol.PLAY.a().put(16, PacketPlayInSetCreativeSlot.class);
|
||||||
|
EnumProtocol.PLAY.a().put(PacketPlayInSetCreativeSlot.class, 16);
|
||||||
|
// ----------------------------
|
||||||
|
|
||||||
Method method = ProtocolInjector.class.getDeclaredMethod("addPacket", EnumProtocol.class,boolean.class, int.class, Class.class);
|
Method method = ProtocolInjector.class.getDeclaredMethod("addPacket", EnumProtocol.class,boolean.class, int.class, Class.class);
|
||||||
method.setAccessible(true);
|
method.setAccessible(true);
|
||||||
|
|
||||||
|
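Review bot: The comment `// NBT Overflow Exploit Handlers` does not say what the three replacement registrations do or why ids 8, 14 and 16 are the ones replaced. I would expand it to something like `// Re-register inbound packets 8, 14 and 16 with subclasses that decode through WrappedPacketDataSerializer, which caps NBT reads`. It is also worth stating there that any other serverbound packet that reads item NBT would bypass the cap unless it is registered the same way; whether such packets exist cannot be told from this hunk. The enclosing method starts and ends outside the hunk.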
@ -0,0 +1,15 @@
|
|||||||
|
package mineplex.core.packethandler;
|
||||||
|
|
||||||
|
import net.minecraft.server.v1_7_R4.PacketDataSerializer;
|
||||||
|
import net.minecraft.server.v1_7_R4.PacketPlayInBlockPlace;
|
||||||
|
|
||||||
|
public class PacketPlayInBlockPace extends PacketPlayInBlockPlace
|
||||||
|
{
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void a(PacketDataSerializer data)
|
||||||
|
{
|
||||||
|
super.a(WrappedPacketDataSerializer.wrapDataSerializer(data));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
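Review bot: `super.a(WrappedPacketDataSerializer.wrapDataSerializer(data))` passes the result on unchecked, yet `wrapDataSerializer` returns `null` when its reflective field lookup fails, so a failure there surfaces as a NullPointerException inside packet decoding rather than as a clear error. The same call appears in the new `PacketPlayInSetCreativeSlot` and `PacketPlayInWindowClick` classes. I would make the helper fail loudly instead, replacing its `return null;` with `throw new IllegalStateException("cannot wrap PacketDataSerializer", e);`. The lookup also uses `data.getClass().getDeclaredField("a")`, which only searches the runtime class; if `data` can ever be a subclass, `PacketDataSerializer.class.getDeclaredField("a")` is the safer form.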
@ -0,0 +1,15 @@
|
|||||||
|
package mineplex.core.packethandler;
|
||||||
|
|
||||||
|
import net.minecraft.server.v1_7_R4.PacketDataSerializer;
|
||||||
|
|
||||||
|
public class PacketPlayInSetCreativeSlot extends net.minecraft.server.v1_7_R4.PacketPlayInSetCreativeSlot
|
||||||
|
{
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void a(PacketDataSerializer data)
|
||||||
|
{
|
||||||
|
super.a(WrappedPacketDataSerializer.wrapDataSerializer(data));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,14 @@
|
|||||||
|
package mineplex.core.packethandler;
|
||||||
|
|
||||||
|
import net.minecraft.server.v1_7_R4.PacketDataSerializer;
|
||||||
|
|
||||||
|
public class PacketPlayInWindowClick extends net.minecraft.server.v1_7_R4.PacketPlayInWindowClick
|
||||||
|
{
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void a(PacketDataSerializer data)
|
||||||
|
{
|
||||||
|
super.a(WrappedPacketDataSerializer.wrapDataSerializer(data));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,85 @@
|
|||||||
|
package mineplex.core.packethandler;
|
||||||
|
|
||||||
|
import java.io.DataInputStream;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.lang.reflect.Field;
|
||||||
|
|
||||||
|
import org.bukkit.craftbukkit.v1_7_R4.inventory.CraftItemStack;
|
||||||
|
import org.spigotmc.LimitStream;
|
||||||
|
|
||||||
|
import net.minecraft.server.v1_7_R4.Item;
|
||||||
|
import net.minecraft.server.v1_7_R4.ItemStack;
|
||||||
|
import net.minecraft.server.v1_7_R4.NBTCompressedStreamTools;
|
||||||
|
import net.minecraft.server.v1_7_R4.NBTReadLimiter;
|
||||||
|
import net.minecraft.server.v1_7_R4.NBTTagCompound;
|
||||||
|
import net.minecraft.server.v1_7_R4.PacketDataSerializer;
|
||||||
|
import net.minecraft.util.io.netty.buffer.ByteBuf;
|
||||||
|
import net.minecraft.util.io.netty.buffer.ByteBufInputStream;
|
||||||
|
|
||||||
|
public class WrappedPacketDataSerializer extends PacketDataSerializer
|
||||||
|
{
|
||||||
|
|
||||||
|
public WrappedPacketDataSerializer(ByteBuf bytebuf)
|
||||||
|
{
|
||||||
|
super(bytebuf);
|
||||||
|
}
|
||||||
|
|
||||||
|
public WrappedPacketDataSerializer(ByteBuf bytebuf, int version)
|
||||||
|
{
|
||||||
|
super(bytebuf, version);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public ItemStack c()
|
||||||
|
{
|
||||||
|
try {
|
||||||
|
ItemStack itemstack = null;
|
||||||
|
short short0 = readShort();
|
||||||
|
if (short0 >= 0)
|
||||||
|
{
|
||||||
|
byte b0 = readByte();
|
||||||
|
short short1 = readShort();
|
||||||
|
|
||||||
|
itemstack = new ItemStack(Item.getById(short0), b0, short1);
|
||||||
|
itemstack.setTag(b());
|
||||||
|
if (itemstack.getTag() != null) {
|
||||||
|
CraftItemStack.setItemMeta(itemstack, CraftItemStack.getItemMeta(itemstack));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return itemstack;
|
||||||
|
} catch (Exception e) {
|
||||||
|
this.clear();
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public NBTTagCompound b()
|
||||||
|
{
|
||||||
|
int i = readerIndex();
|
||||||
|
byte b0 = readByte();
|
||||||
|
if (b0 == 0) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
readerIndex(i);
|
||||||
|
ByteBufInputStream data = new ByteBufInputStream(this);
|
||||||
|
NBTReadLimiter nbtreadlimiter = new NBTReadLimiter(2097152L);
|
||||||
|
return NBTCompressedStreamTools.a(new DataInputStream(new LimitStream((InputStream)data, nbtreadlimiter)), nbtreadlimiter);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static WrappedPacketDataSerializer wrapDataSerializer(PacketDataSerializer data) {
|
||||||
|
try
|
||||||
|
{
|
||||||
|
Field a = data.getClass().getDeclaredField("a");
|
||||||
|
a.setAccessible(true);
|
||||||
|
ByteBuf buff = (ByteBuf) a.get(data);
|
||||||
|
WrappedPacketDataSerializer w = new WrappedPacketDataSerializer(buff, data.version);
|
||||||
|
return w;
|
||||||
|
}
|
||||||
|
catch (Exception e)
|
||||||
|
{
|
||||||
|
e.printStackTrace();
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
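Review bot: The `catch (Exception e)` in `c()` discards every decode failure without a log line, so a client sending oversized or malformed item NBT leaves no trace while the handler carries on with a null item and a cleared buffer. Recording the rejection before `return null;`, ideally rate-limited per connection and through the plugin's own logger, would make such attempts visible to operators. Catching `Exception` also hides unrelated failures in the `ItemStack` construction above it; narrowing the catch to what the read limit is expected to raise would keep those visible. A short comment on `new NBTReadLimiter(2097152L)` in `b()` saying that the value is a 2 MiB cap would help the next reader.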