42 lines
2.1 KiB
Diff
42 lines
2.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Zach Brown <1254957+zachbr@users.noreply.github.com>
|
|
Date: Mon, 18 Jul 2016 17:57:36 -0500
|
|
Subject: [PATCH] Less strict skull validation
|
|
|
|
Spigot's solution removes all unsigned skins from Skulls. While this does work to achieve its original goal, it is often
|
|
overzealous and removes many plugin created and other skulls. We can be more specific in our checks to avoid this.
|
|
|
|
This does technically reveal how the exploit works, however given that it already appears to be well-known throughout
|
|
malicious communities, and the current solution breaks legitimate skulls, we don't feel particularly bad about it this
|
|
time.
|
|
|
|
diff --git a/src/main/java/net/minecraft/server/ItemSkull.java b/src/main/java/net/minecraft/server/ItemSkull.java
|
|
index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644
|
|
--- a/src/main/java/net/minecraft/server/ItemSkull.java
|
|
+++ b/src/main/java/net/minecraft/server/ItemSkull.java
|
|
@@ -0,0 +0,0 @@ public class ItemSkull extends Item {
|
|
boolean valid = true;
|
|
|
|
NBTTagList textures = nbttagcompound.getCompound("SkullOwner").getCompound("Properties").getList("textures", 10); // Safe due to method contracts
|
|
+ // Paper start - Less strict validation
|
|
+ for (NBTBase texture : textures.list) {
|
|
+ if (texture instanceof NBTTagCompound && !((NBTTagCompound) texture).hasKeyOfType("Signature", 8)) {
|
|
+ if (((NBTTagCompound) texture).getString("Value").trim().length() > 0) {
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ valid = false;
|
|
+ }
|
|
+ }
|
|
+ /*
|
|
for (int i = 0; i < textures.size(); i++) {
|
|
if (textures.get(i) instanceof NBTTagCompound && !((NBTTagCompound) textures.get(i)).hasKeyOfType("Signature", 8)) {
|
|
valid = false;
|
|
}
|
|
}
|
|
+ */
|
|
+ // Paper end
|
|
|
|
if (!valid) {
|
|
nbttagcompound.remove("SkullOwner");
|
|
--
|