From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dreeam <61569423+Dreeam-qwq@users.noreply.github.com>
Date: Sat, 9 Mar 2024 10:54:59 -0500
Subject: [PATCH] Block log4j rce exploit in chat


diff --git a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
index dad3246bb3e2d0c91fe2200ae6f25f2fcc66d153..dee7d17ed0b8b920e6135460c5c20cb178ea54a6 100644
--- a/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
+++ b/src/main/java/net/minecraft/server/network/ServerGamePacketListenerImpl.java
@@ -2383,6 +2383,8 @@ public class ServerGamePacketListenerImpl extends ServerCommonPacketListenerImpl
     }
 
     private void tryHandleChat(String s, Runnable runnable, boolean sync) { // CraftBukkit
+        if (ServerGamePacketListenerImpl.isLog4jExploit(s)) return; // Leaf - Block log4j rce exploit in chat
+
         if (ServerGamePacketListenerImpl.isChatMessageIllegal(s)) {
             this.disconnect((Component) Component.translatable("multiplayer.disconnect.illegal_characters"), org.bukkit.event.player.PlayerKickEvent.Cause.ILLEGAL_CHARACTERS); // Paper
         } else if (this.player.isRemoved() || this.player.getChatVisibility() == ChatVisiblity.HIDDEN) { // CraftBukkit - dead men tell no tales
@@ -2414,6 +2416,15 @@ public class ServerGamePacketListenerImpl extends ServerCommonPacketListenerImpl
         }
     }
 
+    // Leaf start - Block log4j rce exploit in chat
+    public static boolean isLog4jExploit(String message) {
+        java.util.regex.Pattern pattern = java.util.regex.Pattern.compile(".*\\$\\{[^}]*}.*");
+        java.util.regex.Matcher matcher = pattern.matcher(message);
+
+        return matcher.find();
+    }
+    // Leaf end
+
     public static boolean isChatMessageIllegal(String message) {
         for (int i = 0; i < message.length(); ++i) {
             if (!StringUtil.isAllowedChatCharacter(message.charAt(i))) {
diff --git a/src/main/java/org/bukkit/craftbukkit/entity/CraftPlayer.java b/src/main/java/org/bukkit/craftbukkit/entity/CraftPlayer.java
index 6a6a82124144f16146cd7b1fba1725b873d1250a..aac0f0c5dea5f7b8ef50d4f12fe9b5b9e25c8741 100644
--- a/src/main/java/org/bukkit/craftbukkit/entity/CraftPlayer.java
+++ b/src/main/java/org/bukkit/craftbukkit/entity/CraftPlayer.java
@@ -753,6 +753,8 @@ public class CraftPlayer extends CraftHumanEntity implements Player {
 
         if (this.getHandle().connection == null) return;
 
+        if (ServerGamePacketListenerImpl.isLog4jExploit(msg)) return; // Leaf - Block log4j rce exploit in chat
+
         // Paper start - Improve chat handling
         if (ServerGamePacketListenerImpl.isChatMessageIllegal(msg)) {
             this.getHandle().connection.disconnect(Component.translatable("multiplayer.disconnect.illegal_characters"), org.bukkit.event.player.PlayerKickEvent.Cause.ILLEGAL_CHARACTERS); // Paper - kick event causes