Impact
When handling form responses from the client (ModalFormResponsePacket), the Minecraft Windows client may send weird JSON that json_decode() can't understand. A workaround for this is implemented in InGamePacketHandler::stupid_json_decode().
An InvalidArgumentException is thrown by this function when it fails to fix an error found in the JSON, which is not caught by the caller. This leads to a server crash.
Patches
56fe71d939c38fe14e18a31a673a9331bcc0e4ca
Workarounds
A plugin may handle DataPacketReceiveEvent, capture ModalFormResponsePacket and run the provided JSON through stupid_json_decode.
Note that this requires copying the body of the function to a plugin, since the function is currently private.
For more information
If you have any questions or comments about this advisory:
References
Impact
When handling form responses from the client (
ModalFormResponsePacket), the Minecraft Windows client may send weird JSON thatjson_decode()can't understand. A workaround for this is implemented inInGamePacketHandler::stupid_json_decode().An
InvalidArgumentExceptionis thrown by this function when it fails to fix an error found in the JSON, which is not caught by the caller. This leads to a server crash.Patches
56fe71d939c38fe14e18a31a673a9331bcc0e4ca
Workarounds
A plugin may handle
DataPacketReceiveEvent, captureModalFormResponsePacketand run the provided JSON throughstupid_json_decode.Note that this requires copying the body of the function to a plugin, since the function is currently private.
For more information
If you have any questions or comments about this advisory:
References