From c2c119140fd5f0df8b219b6008a781c599ef38aa Mon Sep 17 00:00:00 2001 From: Andrew Steinborn Date: Mon, 7 Jun 2021 12:46:21 -0400 Subject: [PATCH 1/4] Anticipatory bump to Minecraft 1.17 --- .../java/com/velocitypowered/api/network/ProtocolVersion.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/src/main/java/com/velocitypowered/api/network/ProtocolVersion.java b/api/src/main/java/com/velocitypowered/api/network/ProtocolVersion.java index 20662ab6..0bbdc45b 100644 --- a/api/src/main/java/com/velocitypowered/api/network/ProtocolVersion.java +++ b/api/src/main/java/com/velocitypowered/api/network/ProtocolVersion.java @@ -54,7 +54,7 @@ public enum ProtocolVersion { MINECRAFT_1_16_2(751, "1.16.2"), MINECRAFT_1_16_3(753, "1.16.3"), MINECRAFT_1_16_4(754, "1.16.4", "1.16.5"), - MINECRAFT_1_17(-1, 34, "1.17"); // Snapshot: 1.17-rc1, future protocol: 755 + MINECRAFT_1_17(755, "1.17"); private static final int SNAPSHOT_BIT = 30; From b6dc0089b4d399e56feb8631f2a183cb70740175 Mon Sep 17 00:00:00 2001 From: Andrew Steinborn Date: Mon, 7 Jun 2021 12:47:00 -0400 Subject: [PATCH 2/4] Velocity 1.1.6 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index ac9db4ce..e9bc5d52 100644 --- a/build.gradle +++ b/build.gradle @@ -17,7 +17,7 @@ allprojects { apply plugin: "com.github.spotbugs" group 'com.velocitypowered' - version '1.1.6-SNAPSHOT' + version '1.1.6' ext { // dependency versions From 224e06d7eae1fb27723d6d0ec279b9d05a103604 Mon Sep 17 00:00:00 2001 From: Andrew Steinborn Date: Mon, 7 Jun 2021 12:48:11 -0400 Subject: [PATCH 3/4] Bump to 1.1.7-SNAPSHOT --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index e9bc5d52..c8039421 100644 --- a/build.gradle +++ b/build.gradle @@ -17,7 +17,7 @@ allprojects { apply plugin: "com.github.spotbugs" group 'com.velocitypowered' - version '1.1.6' + version '1.1.7-SNAPSHOT' ext { // dependency versions From 496372d7af199826688ee0becb218bfb6c250a6a Mon Sep 17 00:00:00 2001 From: Andrew Steinborn Date: Mon, 7 Jun 2021 15:32:36 -0400 Subject: [PATCH 4/4] Check if the resource pack hash looks like it might be a SHA-1 hash --- .../proxy/connection/backend/BackendPlaySessionHandler.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/BackendPlaySessionHandler.java b/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/BackendPlaySessionHandler.java index f42a6c08..eaa81709 100644 --- a/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/BackendPlaySessionHandler.java +++ b/proxy/src/main/java/com/velocitypowered/proxy/connection/backend/BackendPlaySessionHandler.java @@ -52,11 +52,13 @@ import io.netty.buffer.Unpooled; import io.netty.channel.Channel; import io.netty.handler.timeout.ReadTimeoutException; import java.util.Collection; +import java.util.regex.Pattern; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; public class BackendPlaySessionHandler implements MinecraftSessionHandler { + private static final Pattern PLAUSIBLE_SHA1_HASH = Pattern.compile("^[a-z0-9]{40}$"); private static final Logger logger = LogManager.getLogger(BackendPlaySessionHandler.class); private static final boolean BACKPRESSURE_LOG = Boolean .getBoolean("velocity.log-server-backpressure"); @@ -140,7 +142,9 @@ public class BackendPlaySessionHandler implements MinecraftSessionHandler { .setShouldForce(packet.isRequired()); // Why SpotBugs decides that this is unsafe I have no idea; if (packet.getHash() != null && !Preconditions.checkNotNull(packet.getHash()).isEmpty()) { - builder.setHash(ByteBufUtil.decodeHexDump(packet.getHash())); + if (PLAUSIBLE_SHA1_HASH.matcher(packet.getHash()).matches()) { + builder.setHash(ByteBufUtil.decodeHexDump(packet.getHash())); + } } serverConn.getPlayer().queueResourcePack(builder.build());