diff options
author | Shane Freeder <[email protected]> | 2021-04-18 21:47:01 +0100 |
---|---|---|
committer | Shane Freeder <[email protected]> | 2021-04-18 21:47:04 +0100 |
commit | 23afda1795f781eb7acd7a98fda1c92cb885fa34 (patch) | |
tree | a197275cdfd32a696c65d3d9aaf8e4e74e3b6c44 | |
parent | 0fb8bdf0e0a7093551b095c668a6595efbf51872 (diff) | |
download | Paper-23afda1795f781eb7acd7a98fda1c92cb885fa34.tar.gz Paper-23afda1795f781eb7acd7a98fda1c92cb885fa34.zip |
basic hostname validation
-rw-r--r-- | Spigot-Server-Patches/0703-Validate-bungee-forwarded-hostname.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/Spigot-Server-Patches/0703-Validate-bungee-forwarded-hostname.patch b/Spigot-Server-Patches/0703-Validate-bungee-forwarded-hostname.patch new file mode 100644 index 0000000000..843890759f --- /dev/null +++ b/Spigot-Server-Patches/0703-Validate-bungee-forwarded-hostname.patch @@ -0,0 +1,54 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Shane Freeder <[email protected]> +Date: Sun, 18 Apr 2021 21:27:01 +0100 +Subject: [PATCH] Validate bungee forwarded hostname + +Seriously, fix your firewalls. -.- + +diff --git a/src/main/java/net/minecraft/server/network/HandshakeListener.java b/src/main/java/net/minecraft/server/network/HandshakeListener.java +index b97d289afdff81d9959e238639f4e3e186f8e9c8..e13ed3a17866ce3ef0b2ac1dbcb17fb726c89fa8 100644 +--- a/src/main/java/net/minecraft/server/network/HandshakeListener.java ++++ b/src/main/java/net/minecraft/server/network/HandshakeListener.java +@@ -1,5 +1,8 @@ + package net.minecraft.server.network; + ++import com.google.common.net.InetAddresses; ++import com.google.common.net.InternetDomainName; ++ + import net.minecraft.SharedConstants; + import net.minecraft.network.EnumProtocol; + import net.minecraft.network.NetworkManager; +@@ -26,6 +29,7 @@ public class HandshakeListener implements PacketHandshakingInListener { + private static final IChatBaseComponent a = new ChatComponentText("Ignoring status request"); + private final MinecraftServer b; + private final NetworkManager c; final NetworkManager getNetworkManager() { return this.c; } // Paper - OBFHELPER ++ private static final boolean BYPASS_HOSTCHECK = Boolean.getBoolean("Paper.bypassHostCheck"); // Paper + + public HandshakeListener(MinecraftServer minecraftserver, NetworkManager networkmanager) { + this.b = minecraftserver; +@@ -114,6 +118,14 @@ public class HandshakeListener implements PacketHandshakingInListener { + //if (org.spigotmc.SpigotConfig.bungee) { // Paper - comment out, we check above! + String[] split = packethandshakinginsetprotocol.hostname.split("\00"); + if ( split.length == 3 || split.length == 4 ) { ++ // Paper start ++ if (!BYPASS_HOSTCHECK && !validate(split[0])) { ++ final ChatMessage message = new ChatMessage("Invalid hostname"); ++ this.c.sendPacket(new PacketLoginOutDisconnect(message)); ++ this.c.close(message); ++ return; ++ } ++ // Paper end + packethandshakinginsetprotocol.hostname = split[0]; + c.socketAddress = new java.net.InetSocketAddress(split[1], ((java.net.InetSocketAddress) c.getSocketAddress()).getPort()); + c.spoofedUUID = com.mojang.util.UUIDTypeAdapter.fromString( split[2] ); +@@ -158,4 +170,10 @@ public class HandshakeListener implements PacketHandshakingInListener { + public NetworkManager a() { + return this.c; + } ++ ++ // Paper start - https://stackoverflow.com/questions/9954140/check-if-a-string-is-a-hostname-or-an-ip-address-in-java ++ public static boolean validate(final String hostname) { ++ //noinspection UnstableApiUsage ++ return InetAddresses.isUriInetAddress(hostname); ++ } + } |