Jessica Client crashes bungee

[Drc-DEV]

Latest jessica client's feature ".figure" crashes bungeecord quite fast (no errors, it just restarts), if there are at least 2 players online. That feature sends item packets containing shulkerboxes that have books with oversized pages (too long and too many) inside. Seems like a workaround on the now already fixed oversized book exploit.

I think this should be prevented directly on waterfall, because only bungeecord crashes, while the spigot server is fine.

I was able to block this on spigot by checking packets via protocollib's api (viaversion and other common ways to block that kind of packet does not work sadly), but having a proper fix inside bungeecord would be better imho.

[mikroskeem]

Why can't e.g plugin deal with this instead?

[Leymooo]

You can try my plugin https://slava.funtime.su/plugins/FiguresFix/ (ProtocolLib Required). Not sure if it will work for 1.13 and upper, but i hope it will.

Also it looks like that your system runs out of memory and system kill your Bungee/Waterfall process to get some free memory.

[Drc-DEV]

Another exploit "nullping" adds to the many that can crash bungee, and there's little to no effort on their part to fix these upstream instead of having to deal with them with some obscure plugin or fork.

[mikroskeem]

We have no clear overview about those exploits. Personally I don't want to run or download cheat clients on my personal computer (nor do I have decent sandboxing around) to get the grasp what those exploits actually do - I am not fond of running untrusted code near my personal data what I can get from even less trusted webpages.

If someone wants to help then sure, PaperMC IRC and Discord guild are there for a reason. Provide enough information and someone of us will look into it.

[Janmm14]

Another exploit "nullping" adds to the many that can crash bungee, and there's little to no effort on their part to fix these upstream instead of having to deal with them with some obscure plugin or fork.

There is little to no effort to do proper bug reports upstream apparantly.

Create an issue on bungeecord repository, provide the cheat client, say the command which crashes your bungee and I'm sure someone (maybe me) would decompile the client then and provide details on how the crashing method would work.

You just don't expect md_5 to magically know about all exploits flying around when he doesn't even operate a bungeecord.

[electronicboy]

I've yet to see this in a capacity to crash the proxy outside of just making it flood exceptions, in part, this is somewhat unfixable given the nature of a server softwares goal, the fix is Ultimately going to be to try to optimize how errors are basically handled in the proxy to make them being thrown less of a performance hit

On Wed, 20 Nov 2019, 17:26 Janmm14, notifications@github.com wrote:

Another exploit "nullping" adds to the many that can crash bungee, and there's little to no effort on their part to fix these upstream instead of having to deal with them with some obscure plugin or fork.

There is little to no effort to do proper bug reports upstream apparantly.

Create an issue on bungeecord repository, provide the cheat client, say the command which crashes your bungee and I'm sure someone (maybe me) would decompile the client then and provide details on how the crashing method would work.

You just don't expect md_5 to magically know about all exploits flying around when he doesn't even operate a bungeecord.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/PaperMC/Waterfall/issues/429?email_source=notifications&email_token=AAJMAZHLYHJ2YEUD4XFVUPDQUVXNLA5CNFSM4JEBSFS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEES7RGI#issuecomment-556136601, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJMAZAJ7C2APOPKWFMFGLDQUVXNLANCNFSM4JEBSFSQ .