DivineMC/divinemc-server/minecraft-patches/features/0018-Block-Log4Shell-exploit.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: NONPLAYT <76615486+NONPLAYT@users.noreply.github.com>
Date: Sat, 1 Feb 2025 19:28:34 +0300
Subject: [PATCH] Block Log4Shell exploit


diff --git a/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/net/minecraft/server/network/ServerGamePacketListenerImpl.java
index 672995a6fb8c0f9e9155aa6f48edb1a52fd5cade..2858bd6c456e95adf80bb251044659e9e5c21700 100644
--- a/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+++ b/net/minecraft/server/network/ServerGamePacketListenerImpl.java
@@ -2516,6 +2516,7 @@ public class ServerGamePacketListenerImpl
     }
 
     private void tryHandleChat(String message, Runnable handler, boolean sync) { // CraftBukkit
+        if (ServerGamePacketListenerImpl.isLog4ShellExploit(message)) return; // DivineMC - Block Log4Shell exploit
         if (isChatMessageIllegal(message)) {
             this.disconnectAsync(Component.translatable("multiplayer.disconnect.illegal_characters"), org.bukkit.event.player.PlayerKickEvent.Cause.ILLEGAL_CHARACTERS); // Paper - add proper async disconnect
         } else if (this.player.isRemoved() || this.player.getChatVisibility() == ChatVisiblity.HIDDEN) { // CraftBukkit - dead men tell no tales
@@ -2548,6 +2549,15 @@ public class ServerGamePacketListenerImpl
         }
     }
 
+    // DivineMC start - Block Log4Shell exploit
+    public static boolean isLog4ShellExploit(String message) {
+        java.util.regex.Pattern pattern = java.util.regex.Pattern.compile(".*\\$\\{[^}]*}.*");
+        java.util.regex.Matcher matcher = pattern.matcher(message);
+
+        return matcher.find();
+    }
+    // DivineMC end - Block Log4Shell exploit
+
     public static boolean isChatMessageIllegal(String message) {
         for (int i = 0; i < message.length(); i++) {
             if (!StringUtil.isAllowedChatCharacter(message.charAt(i))) {