Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ClientLoginNetworkAddon does not handle unsuccessful query responses #3384

Closed
masmc05 opened this issue Oct 21, 2023 · 9 comments
Closed

ClientLoginNetworkAddon does not handle unsuccessful query responses #3384

masmc05 opened this issue Oct 21, 2023 · 9 comments
Labels
bug Something isn't working

Comments

@masmc05
Copy link

masmc05 commented Oct 21, 2023

CompletableFuture<@Nullable PacketByteBuf> future = handler.receive(this.client, this.handler, buf, futureListeners::add);
future.thenAccept(result -> {
LoginQueryResponseC2SPacket packet = new LoginQueryResponseC2SPacket(queryId, new PacketByteBufLoginQueryResponse(result));

As we can see here, even though the listener correctly states that the buffer can be null, it doesn't handle that, resulting in NPE on serialization

Maybe it should have been like that?

ServerboundCustomQueryAnswerPacket packet = new ServerboundCustomQueryAnswerPacket(queryId, result == null ? null : new PacketByteBufLoginQueryResponse(result));
@modmuss50 modmuss50 added the bug Something isn't working label Oct 21, 2023
@modmuss50
Copy link
Member

Just to confirm are you using Minecraft 1.20.2?

@masmc05
Copy link
Author

masmc05 commented Oct 21, 2023

yes

@modmuss50
Copy link
Member

Out of intrest whats your usecase for using the login networking APIs? In 1.20.2 in most cases the configuration phase should be a tottal replacement for the login phase.

@masmc05
Copy link
Author

masmc05 commented Oct 21, 2023

For several reasons from the past we add an additional security level for top admins, we'll feel safer that way

@modmuss50
Copy link
Member

I would highly reccomend looking into doing this during the configuration phase, its the perfect place to send addional data such as this.

@apple502j
Copy link
Contributor

No, this logic should be kept in the login phase.

@liach
Copy link
Contributor

liach commented Oct 21, 2023

I would highly reccomend looking into doing this during the configuration phase, its the perfect place to send addional data such as this.

The login query request is guaranteed to receive a response from a vanilla client. In comparison, detecting whether a packet is understood with ping and pong to and attaching pending authentication info onto server-side client objects are more error-prone and is more invasive. And the login network handler has a hold of the vanilla authentication information that modders wish to access.

@modmuss50
Copy link
Member

detecting whether a packet is understood with ping and pong to and attaching pending authentication info onto server-side client objects are more error-prone and is more invasive.

This is handled by Fabric API, if its error-prone I need to know about it ASAP as reg sync and other critical parts of fabric API wont be working as expected.

@apple502j
Copy link
Contributor

The problem here is not that configuration networking is doomed (it isn't), it is that for this specific use (security check) you don't want to even proceed to configuration in the first place.

modmuss50 added a commit that referenced this issue Nov 2, 2023
* refactor network addon session handling

* Check payload size

* Fix ClientLoginNetworkAddon does not handle unsuccessful query responses
Closes #3384

* Adjust some logging.

---------

Co-authored-by: deirn <[email protected]>
(cherry picked from commit bff13c8)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants