Closed mibby closed 2 years ago
Imo. Purpur should provide an option for that protection. Fixing this in the plugin wouldn't be trivial and would require something like preventing that the status packets gets sent through the Bungee. (Something some people might even want so it would need an option too)
Also generally speaking I'm a bit sceptical why that check is even necessary in the server directly. Plugins that care about that case can easily handle that exact logic themselves and not trigger when they didn't send a pack.
Sorry about that. That feature was definitely supposed to be behind a config option. This has been rectified in build 1287.
As for why we do this check @Phoenix616 its because Purpur has the option to put a player into invulnerable mode while they are accepting/downloading a server resource pack. This check was put into place to prevent modded clients from abusing this feature to gain unlimited vulnerability. You can send the resource pack through ServerPlayer#sendTexturePack
or manually set Purpur's ServerPlayer#acceptingResourcePack
flag to make this plugin compatible with this feature.
@mibby Make sure you disable the player.invulnerable-while-accepting-resource-pack
option in purpur.yml until this plugin becomes compatible with the feature.
You can send the resource pack through ServerPlayer#sendTexturePack or manually set Purpur's ServerPlayer#acceptingResourcePack flag to make this plugin compatible with this feature.
Well that's not really possible in that case as the plugin sends the pack from the proxy :)
On Sun, Jul 18, 2021, 17:10 BillyGalbreath @.***> wrote:
Sorry about that. That feature was definitely supposed to be behind a config option. This has been rectified in build 1287.
As for why we do this check @Phoenix616 https://github.com/Phoenix616 its because Purpur has the option to put a player into invulnerable mode while they are accepting/downloading a server resource pack. This check was put into place to prevent modded clients from abusing this feature to gain unlimited vulnerability. You can send the resource pack through ServerPlayer#sendTexturePack or manually set Purpur's ServerPlayer#acceptingResourcePack flag to make this plugin compatible with this feature.
@mibby https://github.com/mibby Make sure you disable the player.invulnerable-while-accepting-resource-pack option in purpur.yml until this plugin becomes compatible with the feature.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Phoenix616/ResourcepacksPlugins/issues/55#issuecomment-882080370, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABMAMTJZZ6M2H3M5OK4BU3TTYL4HVANCNFSM5ASB2FVA .
Well that's not really possible in that case as the plugin sends the pack from the proxy :)
Shouldn't the plugin on the proxy swallow the responses then?
No, this plugin doesn't handle the responses at all. And even if I don't
believe they should be swallowed, if they would then plugins behind the
proxy wouldn't be able to listen on the status or check the
Player#hasResourcepack
to see if the player has a pack.
On Sun, Jul 18, 2021, 20:10 BillyGalbreath @.***> wrote:
Well that's not really possible in that case as the plugin sends the pack from the proxy :)
Shouldn't the plugin on the proxy swallow the responses then?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Phoenix616/ResourcepacksPlugins/issues/55#issuecomment-882103857, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABMAMTLFJTVGMZWAKX4YSZLTYMRJRANCNFSM5ASB2FVA .
Closing this seeing as there now is a work around (even though it might not be ideal in most situations).
As for why we do this check @Phoenix616 its because Purpur has the option to put a player into invulnerable mode while they are accepting/downloading a server resource pack. This check was put into place to prevent modded clients from abusing this feature to gain unlimited vulnerability.
Out of curiosity though: Why are you not freezing the player when the pack request is sent instead of when the ACCEPTED
response comes? Wouldn't only freezing directly on send prevent the possibility for the exploit completely (and also ensure a bit more that the player doesn't get damaged as the server doesn't have to wait for the response)?
Used Version
BungeeResourcepacks version 1.8.6-SNAPSHOT (build 433) by Phoenix616
Config
Environment description
Waterfall dev 445 (BungeeCord 1.17.1) Purpur dev 1285 (Paper 1.17.1)
Full Log
BungeeCord log
Server log
What other programs/plugins are you running?
What is happening?
Disconnect from server due to BungeeResourcepack triggering resource pack packet exploitation attempts. Even if your resource pack is disabled in the multiplayer menu, BRP sends a packet check to the client that disconnects the user.
What did you expect to happen?
Being able to login without being disconnected.
Additional context
Delaying the pack sending delays the disconnect but doesn't fix the problem. Only fully removing BungeeResourcepacks from BungeeCord fixes the problem.