Mojira Archive
MC-106329

Server does not restrict Client's item usage

Sometimes, especially when it comes to crashing servers, users are likely to go completely overboard and try to start DoS attacks against servers in super creative ways. This example here is yet another case of a Minecrafter not playing by the rules and thus flooding a server with packets.

Disclaimer: This works best on creative vanilla servers with no anti-cheat/anti-flood plugins installed. However, it might work in other environments, too. Also, reproducing this will most likely cause your client to crash/lag out rather than the server; I first had to completely disable particle rendering in order to get the server to crash before my client.

Please note that this is not the only and probably not the best way to reproduce this. It might just be possible to code a custom client which joins a server and does all of this for us.

How to reproduce

First of all, you'll have to set up a vanilla Minecraft server (accept the EULA, and set online-mode to false so that the MCP client can join when started from the IDE). Then download the newest version of the Minecraft Mod Coder Pack (MCP) and run the setup for your preferred IDE.

After you've finished the setup part, jump over to net.minecraft.client.renderer.EntityRenderer.renderWorldPass() and comment out the lines particlemanager.renderParticles(entity, partialTicks); and particlemanager.renderLitParticles(entity, partialTicks);. Then, go to net.minecraft.client.Minecraft.runTickKeyboard() and add this piece of code at the beginning of the while-loop.

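// 65 is the LWJGL key code for F7
if (Keyboard.isKeyDown(65)) {
	// Triggers the use-item key binding 1000 times per keyboard tick while F7 is held
	for (int j = 0; j < 1000; j++) {
		KeyBinding.onTick(Minecraft.getMinecraft().gameSettings.keyBindUseItem.getKeyCode());
	}
}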

Now, compile the project, hit that "Run Client" button at the top of your IDE, join the server you just set up, get yourself any lingering potion and press F7. Doing this for long enough will cause the server to eventually crash as soon as a single server tick takes 60 seconds or more.

Code analysis (20w07a)

Mojang names

Since neither net.minecraft.server.network.ServerGamePacketListenerImpl.handleUseItem(ServerboundUseItemPacket) nor net.minecraft.server.level.ServerPlayerGameMode.useItem(Player, Level, ItemStack, InteractionHand) appears to enforce any general cooldown, this is likely still possible.
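One way a server could bound the use-item rate described above, as an added example that is not Mojang's code and not part of the original report: a per-player token bucket consulted before a use-item packet is processed. The class name, the limits (burst of 4, refill of 1 per tick) and the single-threaded call from the packet handler are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

/** Hypothetical per-player token bucket for use-item packets (not Mojang code). */
public final class UseItemRateLimiter {
    private static final long TICK_NANOS = 50_000_000L; // one 20 Hz server tick

    private static final class Bucket {
        double tokens;
        long lastRefillNanos;
        Bucket(double tokens, long now) { this.tokens = tokens; this.lastRefillNanos = now; }
    }

    private final double capacity;      // burst allowance, in packets
    private final double tokensPerTick; // sustained rate
    private final Map<UUID, Bucket> buckets = new HashMap<>();

    public UseItemRateLimiter(double capacity, double tokensPerTick) {
        this.capacity = capacity;
        this.tokensPerTick = tokensPerTick;
    }

    /** Returns true if the packet may be processed, false if it should be dropped. */
    public boolean tryAcquire(UUID player, long nowNanos) {
        Bucket b = buckets.computeIfAbsent(player, id -> new Bucket(capacity, nowNanos));
        long elapsed = Math.max(0L, nowNanos - b.lastRefillNanos);
        b.tokens = Math.min(capacity, b.tokens + tokensPerTick * elapsed / (double) TICK_NANOS);
        b.lastRefillNanos = nowNanos;
        if (b.tokens < 1.0) return false; // over budget: drop before any item logic runs
        b.tokens -= 1.0;
        return true;
    }

    /** Call on disconnect so the map does not grow without bound. */
    public void forget(UUID player) { buckets.remove(player); }

    public static void main(String[] args) {
        UseItemRateLimiter limiter = new UseItemRateLimiter(4, 1); // constructed limits
        UUID player = UUID.randomUUID();                           // constructed player id
        long now = System.nanoTime();
        int accepted = 0;
        for (int i = 0; i < 1000; i++) { // 1000 packets inside one tick, as in the report
            if (limiter.tryAcquire(player, now)) accepted++;
        }
        System.out.println("same tick: accepted " + accepted + " of 1000");
        // 20 ticks later the bucket has refilled to its cap, not to 20
        boolean later = limiter.tryAcquire(player, now + 20 * TICK_NANOS);
        System.out.println("after 1 s: next packet accepted = " + later);
    }
}
```

Dropping the packet before any item logic runs keeps the per-tick cost of a flood proportional to packet parsing rather than to entity or particle creation.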

Unresolved

Xakep_SDK

2016-08-18, 01:02 PM

2024-12-04, 08:25 AM

1

3

Confirmed

Important

Platform

Crash, Networking

crash

Minecraft 1.10.2 - 20w07a

Minecraft 1.10.2, Minecraft 16w32a, Minecraft 16w32b, Minecraft 16w33a, Minecraft 1.12.2, 20w07a
