search

Phoenix616 / ResourcepacksPlugins

Set resource packs on whole proxy, per server and per world!
https://ci.minebench.de/job/ResourcepacksPlugins/
GNU General Public License v3.0
77 stars 16 forks source link

BungeeResourcePack disconnecting users on login due to resource pack packet exploitation attempt #55

Closed mibby closed 2 years ago

mibby commented 2 years ago

Used Version

BungeeResourcepacks version 1.8.6-SNAPSHOT (build 433) by Phoenix616

Config

debug: false
default-language: en
disable-metrics: true
autogeneratehashes: true
usepack-is-temporary: true
stored-packs-override-assignments: false
permanent-pack-remove-time: 0
empty:
  url: http://cdn.moep.tv/files/Empty.zip
  hash: 01517226212d27586ea0c5d6aff1aa5492dd2484
global:
  pack: rp
  send-delay: 20
packs:
  rp:
    url: https://censored/serverpack/rp.zip
    hash: 3ba45d7a7d236729009d4ede99c794e5f9afe556
    format: 7
    restricted: false
    permission: resourcepack.pack.rp

Environment description

Waterfall dev 445 (BungeeCord 1.17.1) Purpur dev 1285 (Paper 1.17.1)

Full Log

BungeeCord log

[03:55:46] [Netty Worker IO Thread #1/INFO]: [/censored-ip:49302] <-> InitialHandler has connected
[03:55:47] [Netty Worker IO Thread #1/INFO]: [mibby|/censored-ip:49302] <-> ServerConnector [server] has connected
[03:55:51] [Netty Worker IO Thread #1/INFO]: [mibby] disconnected with: multiplayer.texturePrompt.failure.line1
[03:55:51] [Netty Worker IO Thread #1/INFO]: [/censored-ip:49302|mibby] -> UpstreamBridge has disconnected
[03:55:51] [Netty Worker IO Thread #1/INFO]: [/censored-ip:49302|mibby] <-> DownstreamBridge <-> [server] has disconnected
[03:56:15] [Netty Worker IO Thread #8/INFO]: [/censored-ip:49313] <-> InitialHandler has connected
[03:56:16] [Netty Worker IO Thread #8/INFO]: [mibby|/censored-ip:49313] <-> ServerConnector [server] has connected
[03:56:19] [Netty Worker IO Thread #8/INFO]: [mibby] disconnected with: multiplayer.texturePrompt.failure.line1
[03:56:19] [Netty Worker IO Thread #8/INFO]: [/censored-ip:49313|mibby] <-> DownstreamBridge <-> [server] has disconnected
[03:56:20] [Netty Worker IO Thread #8/INFO]: [/censored-ip:49313|mibby] -> UpstreamBridge has disconnected

Server log

[03:55:50] [Server thread/INFO]: Disconnecting TextComponent{text='mibby', siblings=[], style=Style{ color=null, bold=null, italic=null, underlined=null, strikethrough=null, obfuscated=null, clickEvent=null, hoverEvent=null, insertion=null, font=minecraft:default}} due to resource pack packet exploitation attempt
[03:55:51] [Server thread/INFO]: mibby lost connection: Server resource pack couldn't be applied
[03:55:51] [Craft Scheduler Thread - 10 - mcMMO/INFO]: [mcMMO] Aborting profile loading recovery for mibby - player logged out
[03:56:16] [User Authenticator #1/INFO]: UUID of player mibby is censored-uuid
[03:56:17] [Server thread/INFO]: mibby[/censored-ip:54515] logged in with entity id 887 at ([spawn]-21.33077406640026, 53.0, 5.738365860783118)
[03:56:19] [Server thread/INFO]: Disconnecting TextComponent{text='mibby', siblings=[], style=Style{ color=null, bold=null, italic=null, underlined=null, strikethrough=null, obfuscated=null, clickEvent=null, hoverEvent=null, insertion=null, font=minecraft:default}} due to resource pack packet exploitation attempt
[03:56:19] [Server thread/INFO]: mibby lost connection: Server resource pack couldn't be applied
[03:56:19] [Craft Scheduler Thread - 20 - mcMMO/INFO]: [mcMMO] Aborting profile loading recovery for mibby - player logged out
[03:57:37] [User Authenticator #2/INFO]: UUID of player mibby is censored-uuid
[03:57:38] [Server thread/INFO]: mibby[/censored-ip:52139] logged in with entity id 1269 at ([spawn]-21.33077406640026, 53.0, 5.738365860783118)
[03:57:41] [Server thread/INFO]: Disconnecting TextComponent{text='mibby', siblings=[], style=Style{ color=null, bold=null, italic=null, underlined=null, strikethrough=null, obfuscated=null, clickEvent=null, hoverEvent=null, insertion=null, font=minecraft:default}} due to resource pack packet exploitation attempt
[03:57:41] [Server thread/INFO]: mibby lost connection: Server resource pack couldn't be applied
[03:58:22] [User Authenticator #2/INFO]: UUID of player mibby is censored-uuid
[03:58:23] [Server thread/INFO]: mibby[/censored-ip:54723] logged in with entity id 1725 at ([spawn]-21.847427547861543, 53.0, 5.231136325337318)
[03:58:32] [Server thread/INFO]: Disconnecting TextComponent{text='mibby', siblings=[], style=Style{ color=null, bold=null, italic=null, underlined=null, strikethrough=null, obfuscated=null, clickEvent=null, hoverEvent=null, insertion=null, font=minecraft:default}} due to resource pack packet exploitation attempt
[03:58:32] [Server thread/INFO]: mibby lost connection: Server resource pack couldn't be applied

What other programs/plugins are you running?

What is happening?

Disconnect from server due to BungeeResourcepack triggering resource pack packet exploitation attempts. Even if your resource pack is disabled in the multiplayer menu, BRP sends a packet check to the client that disconnects the user.

What did you expect to happen?

Being able to login without being disconnected.

Additional context

Delaying the pack sending delays the disconnect but doesn't fix the problem. Only fully removing BungeeResourcepacks from BungeeCord fixes the problem.

mibby commented 2 years ago

@BillyGalbreath Incompatibility caused by Purpur? https://github.com/pl3xgaming/Purpur/blob/0d0caaa91ffa3c51603d51ebb8fbe735ca6313d2/patches/server/0019-Player-invulnerabilities.patch#L92-L98

https://github.com/pl3xgaming/Purpur/commit/c64af8769b2469a17402e1963b5f1f6494ad9af7

Phoenix616 commented 2 years ago

Imo. Purpur should provide an option for that protection. Fixing this in the plugin wouldn't be trivial and would require something like preventing that the status packets gets sent through the Bungee. (Something some people might even want so it would need an option too)

Also generally speaking I'm a bit sceptical why that check is even necessary in the server directly. Plugins that care about that case can easily handle that exact logic themselves and not trigger when they didn't send a pack.

BillyGalbreath commented 2 years ago

Sorry about that. That feature was definitely supposed to be behind a config option. This has been rectified in build 1287.

As for why we do this check @Phoenix616 its because Purpur has the option to put a player into invulnerable mode while they are accepting/downloading a server resource pack. This check was put into place to prevent modded clients from abusing this feature to gain unlimited vulnerability. You can send the resource pack through ServerPlayer#sendTexturePack or manually set Purpur's ServerPlayer#acceptingResourcePack flag to make this plugin compatible with this feature.

@mibby Make sure you disable the player.invulnerable-while-accepting-resource-pack option in purpur.yml until this plugin becomes compatible with the feature.

Phoenix616 commented 2 years ago

You can send the resource pack through ServerPlayer#sendTexturePack or manually set Purpur's ServerPlayer#acceptingResourcePack flag to make this plugin compatible with this feature.

Well that's not really possible in that case as the plugin sends the pack from the proxy :)

On Sun, Jul 18, 2021, 17:10 BillyGalbreath @.***> wrote:

Sorry about that. That feature was definitely supposed to be behind a config option. This has been rectified in build 1287.

As for why we do this check @Phoenix616 https://github.com/Phoenix616 its because Purpur has the option to put a player into invulnerable mode while they are accepting/downloading a server resource pack. This check was put into place to prevent modded clients from abusing this feature to gain unlimited vulnerability. You can send the resource pack through ServerPlayer#sendTexturePack or manually set Purpur's ServerPlayer#acceptingResourcePack flag to make this plugin compatible with this feature.

@mibby https://github.com/mibby Make sure you disable the player.invulnerable-while-accepting-resource-pack option in purpur.yml until this plugin becomes compatible with the feature.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Phoenix616/ResourcepacksPlugins/issues/55#issuecomment-882080370, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABMAMTJZZ6M2H3M5OK4BU3TTYL4HVANCNFSM5ASB2FVA .

BillyGalbreath commented 2 years ago

Well that's not really possible in that case as the plugin sends the pack from the proxy :)

Shouldn't the plugin on the proxy swallow the responses then?

Phoenix616 commented 2 years ago

No, this plugin doesn't handle the responses at all. And even if I don't believe they should be swallowed, if they would then plugins behind the proxy wouldn't be able to listen on the status or check the Player#hasResourcepack to see if the player has a pack.

On Sun, Jul 18, 2021, 20:10 BillyGalbreath @.***> wrote:

Well that's not really possible in that case as the plugin sends the pack from the proxy :)

Shouldn't the plugin on the proxy swallow the responses then?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Phoenix616/ResourcepacksPlugins/issues/55#issuecomment-882103857, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABMAMTLFJTVGMZWAKX4YSZLTYMRJRANCNFSM5ASB2FVA .

Phoenix616 commented 2 years ago

Closing this seeing as there now is a work around (even though it might not be ideal in most situations).

As for why we do this check @Phoenix616 its because Purpur has the option to put a player into invulnerable mode while they are accepting/downloading a server resource pack. This check was put into place to prevent modded clients from abusing this feature to gain unlimited vulnerability.

Out of curiosity though: Why are you not freezing the player when the pack request is sent instead of when the ACCEPTED response comes? Wouldn't only freezing directly on send prevent the possibility for the exploit completely (and also ensure a bit more that the player doesn't get damaged as the server doesn't have to wait for the response)?