aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
author4real <[email protected]>2024-09-17 17:57:32 +0300
committerGitHub <[email protected]>2024-09-17 16:57:32 +0200
commit2aaf4369b61256c28c205ec1152132760b310ebd (patch)
tree4ec349bba2d8d14c7a62c63709fe3312d987b1d3
parent1348e44173f422a7bf6f162a28c70a229dfe827b (diff)
downloadPaper-2aaf4369b61256c28c205ec1152132760b310ebd.tar.gz
Paper-2aaf4369b61256c28c205ec1152132760b310ebd.zip
Validate slot in PlayerInventory#setSlot (#11399)
-rw-r--r--patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch b/patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch
new file mode 100644
index 0000000000..51eb36e240
--- /dev/null
+++ b/patches/server/1057-Validate-slot-in-PlayerInventory-setSlot.patch
@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: strnq <[email protected]>
+Date: Sat, 14 Sep 2024 12:53:13 +0300
+Subject: [PATCH] Validate slot in PlayerInventory#setSlot
+
+The CraftPlayerInventory implementation sends a container_set_slot
+packet to the client which will error if an invalid slot is passed to
+the setSlot method, making a validation necessary over simply silently
+ignoring invalid slot values.
+
+diff --git a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
+index eafa54c870c3e2aef30c3f9f96f516607a7cae24..8dea4321e41080829b474ad7b5a12c6a622181fd 100644
+--- a/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
++++ b/src/main/java/org/bukkit/craftbukkit/inventory/CraftInventoryPlayer.java
+@@ -70,6 +70,11 @@ public class CraftInventoryPlayer extends CraftInventory implements org.bukkit.i
+
+ @Override
+ public void setItem(int index, ItemStack item) {
++ // Paper start - Validate setItem index
++ if (index < 0 || index > 40) {
++ throw new ArrayIndexOutOfBoundsException("Index must be between 0 and 40");
++ }
++ // Paper end - Validate setItem index
+ super.setItem(index, item);
+ if (this.getHolder() == null) return;
+ ServerPlayer player = ((CraftPlayer) this.getHolder()).getHandle();