Mojira Archive
MC-168957

GS4 query can leak data from previous requests

The bug

The server's GS4 query implementation (see wiki) can leak data from previous requests.

However, the impact of this is probably rather low because the only information leaked is the session ID (called ident in the Mojang names and timestamp on the UnrealAdminWiki), which is currently not used for session management.

How to reproduce

  1. Start a local server with the following server.properties settings:
    enable-query=true
    query.port=25565
    
  2. Run the attached Java code MinecraftQuerySessionId.java
    Java 11(+):
      java .\MinecraftQuerySessionId.java

    Pre Java 11:
      javac .\MinecraftQuerySessionId.java
      java MinecraftQuerySessionId

    You will see the output: "Session id: 1f1f1f1f"

Code analysis

net.minecraft.server.rcon.thread.QueryThreadGs4.processPacket(DatagramPacket) (Mojang name) incorrectly considers challenge requests of size >= 3 and < 7 to be valid. This causes the constructor QueryThreadGs4.RequestChallenge.RequestChallenge(QueryThreadGs4, DatagramPacket) to use the data of a previous request as identBytes values.
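
The length check described above, as an added Java model that is not Mojang's code and not the attached reproducer. It assumes a single receive buffer reused across datagrams and a GS4 header of two magic bytes, a type byte (9 for a challenge request) and a 4-byte session ID; the class, the method names and the sample datagrams are constructed for illustration.

```java
import java.util.Arrays;

// Added model of the reported bug; not Mojang's code.
// Assumed GS4 header: bytes 0-1 magic (FE FD), byte 2 type (9 = challenge),
// bytes 3-6 session ID. All names here are hypothetical.
public class Gs4LengthCheckModel {
    static final int HEADER_LEN = 7;
    // Assumption: one receive buffer is reused for every incoming datagram.
    static final byte[] receiveBuffer = new byte[1460];

    // Simulates receiving a datagram: only its own bytes overwrite the buffer.
    static int receive(byte[] datagram) {
        System.arraycopy(datagram, 0, receiveBuffer, 0, datagram.length);
        return datagram.length;
    }

    static boolean isChallenge(int length, int minLength) {
        return length >= minLength
                && receiveBuffer[0] == (byte) 0xFE
                && receiveBuffer[1] == (byte) 0xFD
                && receiveBuffer[2] == 9;
    }

    // Check as described in the report: 3 bytes are enough to be accepted,
    // so bytes 3-6 may still hold the previous request's session ID.
    static byte[] identFlawed(int length) {
        return isChallenge(length, 3) ? Arrays.copyOfRange(receiveBuffer, 3, 7) : null;
    }

    // Corrected check: the whole header must have arrived in this datagram.
    static byte[] identChecked(int length) {
        return isChallenge(length, HEADER_LEN) ? Arrays.copyOfRange(receiveBuffer, 3, 7) : null;
    }

    static String hex(byte[] b) {
        if (b == null) return "rejected";
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample datagrams: a complete request, then a truncated one.
        byte[] complete = {(byte) 0xFE, (byte) 0xFD, 9, 0x1f, 0x1f, 0x1f, 0x1f};
        byte[] truncated = {(byte) 0xFE, (byte) 0xFD, 9};
        receive(complete);
        int length = receive(truncated);
        System.out.println("length >= 3 check: " + hex(identFlawed(length)));
        System.out.println("length >= 7 check: " + hex(identChecked(length)));
    }
}
```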

Unresolved

Marcono1234

2019-12-27, 10:00 PM

2023-10-26, 06:52 PM

3

1

Confirmed

Low

Platform

Networking

1.15.1

-