diff options
author | Nassim Jahnke <[email protected]> | 2024-05-09 16:09:06 +0200 |
---|---|---|
committer | Nassim Jahnke <[email protected]> | 2024-05-09 16:09:06 +0200 |
commit | 79fc353ef87742930e0cc5b92ff84147eb108a0a (patch) | |
tree | 9d1fb7568d80946144b5f90ba427eeeef900773e | |
parent | 826d2e939b17c5af4f073a0eda8a9308c6f51f1f (diff) | |
download | Paper-79fc353ef87742930e0cc5b92ff84147eb108a0a.tar.gz Paper-79fc353ef87742930e0cc5b92ff84147eb108a0a.zip |
Also add validation to spigot class
4 files changed, 48 insertions, 11 deletions
diff --git a/patches/server/0074-Handle-Item-Meta-Inconsistencies.patch b/patches/server/0074-Handle-Item-Meta-Inconsistencies.patch index c8c45d26cd..35a4a67526 100644 --- a/patches/server/0074-Handle-Item-Meta-Inconsistencies.patch +++ b/patches/server/0074-Handle-Item-Meta-Inconsistencies.patch @@ -271,3 +271,40 @@ index 3f309c255097f6778854d710a5a045fa960a953f..c318552a2ac2710cea01ac449a469a0f + // Paper end + } +diff --git a/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java b/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java +index 358af0121ce3d87a9f51da2bae0699034c1560b4..866f9d00669923ee01ac97399cd78b5ee58f950f 100644 +--- a/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java ++++ b/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java +@@ -37,6 +37,16 @@ public final class CraftPlayerProfile implements PlayerProfile { + boolean isValidSkullProfile = (gameProfile.getName() != null) + || gameProfile.getProperties().containsKey(CraftPlayerTextures.PROPERTY_NAME); + Preconditions.checkArgument(isValidSkullProfile, "The skull profile is missing a name or textures!"); ++ // Paper start - Validate ++ Preconditions.checkArgument(gameProfile.getName().length() <= 16, "The name of the profile is longer than 16 characters"); ++ final PropertyMap properties = gameProfile.getProperties(); ++ Preconditions.checkArgument(properties.size() <= 16, "The profile contains more than 16 properties"); ++ for (final Property property : properties.values()) { ++ Preconditions.checkArgument(property.name().length() <= 16, "The name of a property is longer than 16 characters"); ++ Preconditions.checkArgument(property.value().length() <= Short.MAX_VALUE, "The value of a property is longer than 32767 characters"); ++ Preconditions.checkArgument(property.signature() == null || property.signature().length() <= 1024, "The signature of a property is longer than 1024 characters"); ++ } ++ // Paper end - Validate + return gameProfile; + } + +@@ -53,6 +63,7 @@ public final class CraftPlayerProfile implements PlayerProfile { + + public CraftPlayerProfile(UUID uniqueId, String name) { + Preconditions.checkArgument((uniqueId != null) || !StringUtils.isBlank(name), "uniqueId is null or name is blank"); ++ Preconditions.checkArgument(name == null || name.length() <= 16, "The name of the profile is longer than 16 characters"); // Paper - Validate + this.uniqueId = (uniqueId == null) ? Util.NIL_UUID : uniqueId; + this.name = (name == null) ? "" : name; + } +@@ -89,6 +100,7 @@ public final class CraftPlayerProfile implements PlayerProfile { + // Assert: (property == null) || property.getName().equals(propertyName) + this.removeProperty(propertyName); + if (property != null) { ++ Preconditions.checkArgument(this.properties.size() < 16, "The profile contains more than 16 properties"); // Paper - Validate + this.properties.put(property.name(), property); + } + } diff --git a/patches/server/0139-Do-not-submit-profile-lookups-to-worldgen-threads.patch b/patches/server/0139-Do-not-submit-profile-lookups-to-worldgen-threads.patch index e660ce370c..3b7ee69e84 100644 --- a/patches/server/0139-Do-not-submit-profile-lookups-to-worldgen-threads.patch +++ b/patches/server/0139-Do-not-submit-profile-lookups-to-worldgen-threads.patch @@ -63,10 +63,10 @@ index 6097e0ab387cfa4c2c9ab0389fc5bb6cd899ecc3..ebba6bc5b337d19e32be5a78294501ed public static void clear() { diff --git a/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java b/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java -index 358af0121ce3d87a9f51da2bae0699034c1560b4..edd340c66ea8cec1c76ba29f1deab14c4784a7e5 100644 +index 866f9d00669923ee01ac97399cd78b5ee58f950f..6f0edd4d1c473179c03253326a3c7b5910ec53ad 100644 --- a/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java +++ b/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java -@@ -122,7 +122,7 @@ public final class CraftPlayerProfile implements PlayerProfile { +@@ -134,7 +134,7 @@ public final class CraftPlayerProfile implements PlayerProfile { @Override public CompletableFuture<PlayerProfile> update() { diff --git a/patches/server/0140-Basic-PlayerProfile-API.patch b/patches/server/0140-Basic-PlayerProfile-API.patch index 77ecf1f808..76272eb077 100644 --- a/patches/server/0140-Basic-PlayerProfile-API.patch +++ b/patches/server/0140-Basic-PlayerProfile-API.patch @@ -688,7 +688,7 @@ index f6012feafe1dbbf9c52ac38965d9475896766657..a7554f2028f93867360c27a51c9580a8 // Paper end } diff --git a/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java b/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java -index edd340c66ea8cec1c76ba29f1deab14c4784a7e5..6f779c6f4422c5b5dc22f66e3e702c714d0e052b 100644 +index 6f0edd4d1c473179c03253326a3c7b5910ec53ad..e3a244dac35bf4d5d10e41c200aaa7f93e278ef9 100644 --- a/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java +++ b/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java @@ -28,7 +28,7 @@ import org.bukkit.profile.PlayerProfile; @@ -700,7 +700,7 @@ index edd340c66ea8cec1c76ba29f1deab14c4784a7e5..6f779c6f4422c5b5dc22f66e3e702c71 @Nonnull public static GameProfile validateSkullProfile(@Nonnull GameProfile gameProfile) { -@@ -93,8 +93,10 @@ public final class CraftPlayerProfile implements PlayerProfile { +@@ -105,8 +105,10 @@ public final class CraftPlayerProfile implements PlayerProfile { } } @@ -713,7 +713,7 @@ index edd340c66ea8cec1c76ba29f1deab14c4784a7e5..6f779c6f4422c5b5dc22f66e3e702c71 } void rebuildDirtyProperties() { -@@ -237,6 +239,7 @@ public final class CraftPlayerProfile implements PlayerProfile { +@@ -249,6 +251,7 @@ public final class CraftPlayerProfile implements PlayerProfile { @Override public Map<String, Object> serialize() { @@ -721,7 +721,7 @@ index edd340c66ea8cec1c76ba29f1deab14c4784a7e5..6f779c6f4422c5b5dc22f66e3e702c71 Map<String, Object> map = new LinkedHashMap<>(); if (this.getUniqueId() != null) { map.put("uniqueId", this.getUniqueId().toString()); -@@ -252,10 +255,12 @@ public final class CraftPlayerProfile implements PlayerProfile { +@@ -264,10 +267,12 @@ public final class CraftPlayerProfile implements PlayerProfile { }); map.put("properties", propertiesData); } @@ -734,7 +734,7 @@ index edd340c66ea8cec1c76ba29f1deab14c4784a7e5..6f779c6f4422c5b5dc22f66e3e702c71 UUID uniqueId = ConfigSerializationUtil.getUuid(map, "uniqueId", true); String name = ConfigSerializationUtil.getString(map, "name", true); -@@ -269,7 +274,7 @@ public final class CraftPlayerProfile implements PlayerProfile { +@@ -281,7 +286,7 @@ public final class CraftPlayerProfile implements PlayerProfile { profile.properties.put(property.name(), property); } } diff --git a/patches/server/0862-Fix-BanList-API.patch b/patches/server/0862-Fix-BanList-API.patch index ad75aaf764..424bd4c9d0 100644 --- a/patches/server/0862-Fix-BanList-API.patch +++ b/patches/server/0862-Fix-BanList-API.patch @@ -208,7 +208,7 @@ index 172202accf4448a933fcf1ff820316c7910dd7f7..50ee7656580d386db473c054f5c5ec57 return null; } diff --git a/src/main/java/org/bukkit/craftbukkit/entity/CraftPlayer.java b/src/main/java/org/bukkit/craftbukkit/entity/CraftPlayer.java -index 7c039d79b6fba3358daaaf8894e05d9493fa6af8..1c264135c34117407bfbb2d230e2ea1f9ebd0671 100644 +index 4603752c6ddb75b400afc48971523530fafe8623..5caf63605829e3df994ff22c4351234625d4dc24 100644 --- a/src/main/java/org/bukkit/craftbukkit/entity/CraftPlayer.java +++ b/src/main/java/org/bukkit/craftbukkit/entity/CraftPlayer.java @@ -1733,23 +1733,23 @@ public class CraftPlayer extends CraftHumanEntity implements Player { @@ -256,7 +256,7 @@ index 7c039d79b6fba3358daaaf8894e05d9493fa6af8..1c264135c34117407bfbb2d230e2ea1f } diff --git a/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java b/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java -index 6f779c6f4422c5b5dc22f66e3e702c714d0e052b..41336821d4e0430e19f2fc021f09430d7a1302f6 100644 +index e3a244dac35bf4d5d10e41c200aaa7f93e278ef9..c7cd9081fa7e0b5e436e168515d051cd15a33706 100644 --- a/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java +++ b/src/main/java/org/bukkit/craftbukkit/profile/CraftPlayerProfile.java @@ -28,7 +28,7 @@ import org.bukkit.profile.PlayerProfile; @@ -268,7 +268,7 @@ index 6f779c6f4422c5b5dc22f66e3e702c714d0e052b..41336821d4e0430e19f2fc021f09430d @Nonnull public static GameProfile validateSkullProfile(@Nonnull GameProfile gameProfile) { -@@ -123,7 +123,7 @@ public final class CraftPlayerProfile implements PlayerProfile, com.destroystoky +@@ -135,7 +135,7 @@ public final class CraftPlayerProfile implements PlayerProfile, com.destroystoky } @Override @@ -277,7 +277,7 @@ index 6f779c6f4422c5b5dc22f66e3e702c714d0e052b..41336821d4e0430e19f2fc021f09430d return CompletableFuture.supplyAsync(this::getUpdatedProfile, Util.PROFILE_EXECUTOR); // Paper - don't submit BLOCKING PROFILE LOOKUPS to the world gen thread } -@@ -277,4 +277,71 @@ public final class CraftPlayerProfile implements PlayerProfile, com.destroystoky +@@ -289,4 +289,71 @@ public final class CraftPlayerProfile implements PlayerProfile, com.destroystoky // Paper - diff on change return profile; } |