Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A couple of fixes for handling of secure chat #1366

Merged
merged 9 commits into from
Jul 5, 2024
Merged

A couple of fixes for handling of secure chat #1366

merged 9 commits into from
Jul 5, 2024

Conversation

Gegy
Copy link
Contributor

@Gegy Gegy commented Jul 3, 2024

This PR addresses a couple of issues in the implementation of secure chat handling in Velocity:

  • Any command with a 'last seen' update (every command pre-1.20.5) could not be cancelled by the proxy
    • This PR introduces a system to 'delay' these acknowledgements to ensure that we can always pass a state to the server that is consistent with messages signed by the client
  • Modified or spoofed commands would not have a last seen update attached, which would be rejected by pre-1.20.5 servers

Most of the diff is refactoring ChatQueue to be able to capture the state that we need - recommend to review commit-by-commit.

This potentially resolves some cases of #1127 - but it's hard to say given possible interaction from other plugins and servers, and would need to get some specific testing on that. However, from personal experience running these patches on a 1.20.4 server over a few months - we haven't been able to reproduce any issues. 🙂

Thanks!

Gegy added 2 commits July 3, 2024 09:33
@Gegy
Refactor ChatQueue to track and expose general chat state
41d76f5
@Gegy
Remove unneeded check
b518aae 
SessionCommandHandler is only constructed for >= 1.19.3.
powercasgamer
powercasgamer suggested changes Jul 3, 2024
View reviewed changes
Copy link
Sponsor Contributor

@powercasgamer powercasgamer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor import nitpick

.../main/java/com/velocitypowered/proxy/protocol/packet/chat/session/SessionCommandHandler.java Outdated Show resolved Hide resolved
.../java/com/velocitypowered/proxy/protocol/packet/chat/session/SessionPlayerCommandPacket.java Outdated Show resolved Hide resolved
...java/com/velocitypowered/proxy/protocol/packet/chat/session/UnsignedPlayerCommandPacket.java Outdated Show resolved Hide resolved
@Gegy Gegy mentioned this pull request Jul 3, 2024
Merged
Gegy added 7 commits July 3, 2024 10:04
@Gegy
Extract common command handler paths
cd4a863
@Gegy
Don't require command to be signed to pass it through as-is
f97b47b
@Gegy
Explicitly reject consuming signed command when denied by event
43524da 
This would fail down the line anyway due to inconsistent chat state (if holding a 'last seen' update)
@Gegy
Capture a consistent and reusable 'last seen' state for use in comman…
2802105 
…d packets
@Gegy
Fix: pass through last seen update in a few missing places
f6950d1 
This is hardly useful in the case of signed player chat messages, as these fundamentally cannot be spoofed or modified - however, for any unsigned input (particularly commands without any signed arguments), 'last seen' updates are still required and should be passed through in a consistent state.
@Gegy
Fix: only treat command as signed if it has signatures
e4b0364 
The Vanilla client will send 'last seen' even if the message is not signed, so this is much stricter than it needs to be. This should allow commands without any signed arguments to be modified/consumed by the proxy.
@Gegy
Don't forward chat acknowledgement if the client didn't acknowledge a…
c1b3ae6 
…ny chat
@kashike kashike self-assigned this Jul 4, 2024
@kashike kashike merged commit 4eae510 into PaperMC:dev/3.0.0 Jul 5, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@powercasgamer powercasgamer powercasgamer requested changes

@kashike kashike kashike approved these changes

Assignees

@kashike kashike

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Gegy @kashike @powercasgamer