aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorShane Freeder <[email protected]>2021-04-18 21:47:01 +0100
committerShane Freeder <[email protected]>2021-04-18 21:47:04 +0100
commit23afda1795f781eb7acd7a98fda1c92cb885fa34 (patch)
treea197275cdfd32a696c65d3d9aaf8e4e74e3b6c44
parent0fb8bdf0e0a7093551b095c668a6595efbf51872 (diff)
downloadPaper-23afda1795f781eb7acd7a98fda1c92cb885fa34.tar.gz
Paper-23afda1795f781eb7acd7a98fda1c92cb885fa34.zip
basic hostname validation
-rw-r--r--Spigot-Server-Patches/0703-Validate-bungee-forwarded-hostname.patch54
1 files changed, 54 insertions, 0 deletions
diff --git a/Spigot-Server-Patches/0703-Validate-bungee-forwarded-hostname.patch b/Spigot-Server-Patches/0703-Validate-bungee-forwarded-hostname.patch
new file mode 100644
index 0000000000..843890759f
--- /dev/null
+++ b/Spigot-Server-Patches/0703-Validate-bungee-forwarded-hostname.patch
@@ -0,0 +1,54 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shane Freeder <[email protected]>
+Date: Sun, 18 Apr 2021 21:27:01 +0100
+Subject: [PATCH] Validate bungee forwarded hostname
+
+Seriously, fix your firewalls. -.-
+
+diff --git a/src/main/java/net/minecraft/server/network/HandshakeListener.java b/src/main/java/net/minecraft/server/network/HandshakeListener.java
+index b97d289afdff81d9959e238639f4e3e186f8e9c8..e13ed3a17866ce3ef0b2ac1dbcb17fb726c89fa8 100644
+--- a/src/main/java/net/minecraft/server/network/HandshakeListener.java
++++ b/src/main/java/net/minecraft/server/network/HandshakeListener.java
+@@ -1,5 +1,8 @@
+ package net.minecraft.server.network;
+
++import com.google.common.net.InetAddresses;
++import com.google.common.net.InternetDomainName;
++
+ import net.minecraft.SharedConstants;
+ import net.minecraft.network.EnumProtocol;
+ import net.minecraft.network.NetworkManager;
+@@ -26,6 +29,7 @@ public class HandshakeListener implements PacketHandshakingInListener {
+ private static final IChatBaseComponent a = new ChatComponentText("Ignoring status request");
+ private final MinecraftServer b;
+ private final NetworkManager c; final NetworkManager getNetworkManager() { return this.c; } // Paper - OBFHELPER
++ private static final boolean BYPASS_HOSTCHECK = Boolean.getBoolean("Paper.bypassHostCheck"); // Paper
+
+ public HandshakeListener(MinecraftServer minecraftserver, NetworkManager networkmanager) {
+ this.b = minecraftserver;
+@@ -114,6 +118,14 @@ public class HandshakeListener implements PacketHandshakingInListener {
+ //if (org.spigotmc.SpigotConfig.bungee) { // Paper - comment out, we check above!
+ String[] split = packethandshakinginsetprotocol.hostname.split("\00");
+ if ( split.length == 3 || split.length == 4 ) {
++ // Paper start
++ if (!BYPASS_HOSTCHECK && !validate(split[0])) {
++ final ChatMessage message = new ChatMessage("Invalid hostname");
++ this.c.sendPacket(new PacketLoginOutDisconnect(message));
++ this.c.close(message);
++ return;
++ }
++ // Paper end
+ packethandshakinginsetprotocol.hostname = split[0];
+ c.socketAddress = new java.net.InetSocketAddress(split[1], ((java.net.InetSocketAddress) c.getSocketAddress()).getPort());
+ c.spoofedUUID = com.mojang.util.UUIDTypeAdapter.fromString( split[2] );
+@@ -158,4 +170,10 @@ public class HandshakeListener implements PacketHandshakingInListener {
+ public NetworkManager a() {
+ return this.c;
+ }
++
++ // Paper start - https://stackoverflow.com/questions/9954140/check-if-a-string-is-a-hostname-or-an-ip-address-in-java
++ public static boolean validate(final String hostname) {
++ //noinspection UnstableApiUsage
++ return InetAddresses.isUriInetAddress(hostname);
++ }
+ }