Mojira Archive
MC-99599

Server does not test if player is sleeping when receiving CPacketEntityAction.Action.STOP_SLEEPING

The bug

The following is based on decompiled version of Minecraft 1.9 using MCP 9.24 beta. All method and class names are the names used in the decompiled version.

When the server receives a net.minecraft.network.play.client.CPacketEntityAction packet with the action net.minecraft.network.play.client.CPacketEntityAction.Action.STOP_SLEEPING it wakes up the player without even testing if the player is sleeping. This results in a NullPointerException.

[21:13:56] [Server thread/FATAL]: Error executing task
java.util.concurrent.ExecutionException: java.lang.NullPointerException
	at java.util.concurrent.FutureTask.report(Unknown Source) ~[?:1.8.0_73]
	at java.util.concurrent.FutureTask.get(Unknown Source) ~[?:1.8.0_73]
	at net.minecraft.util.Util.runTask(Util.java:15) [bin/:?]
	at net.minecraft.server.MinecraftServer.updateTimeLightAndEntities(MinecraftServer.java:736) [bin/:?]
	at net.minecraft.server.dedicated.DedicatedServer.updateTimeLightAndEntities(DedicatedServer.java:398) [bin/:?]
	at net.minecraft.server.MinecraftServer.tick(MinecraftServer.java:683) [bin/:?]
	at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:557) [bin/:?]
	at java.lang.Thread.run(Unknown Source) [?:1.8.0_73]
Caused by: java.lang.NullPointerException
	at net.minecraft.world.World.isValid(World.java:241) ~[bin/:?]
	at net.minecraft.world.World.getBlockState(World.java:774) ~[bin/:?]
	at net.minecraft.entity.player.EntityPlayer.wakeUpPlayer(EntityPlayer.java:1625) ~[bin/:?]
	at net.minecraft.entity.player.EntityPlayerMP.wakeUpPlayer(EntityPlayerMP.java:710) ~[bin/:?]
	at net.minecraft.network.NetHandlerPlayServer.processEntityAction(NetHandlerPlayServer.java:988) ~[bin/:?]
	at net.minecraft.network.play.client.CPacketEntityAction.processPacket(CPacketEntityAction.java:39) ~[bin/:?]
	at net.minecraft.network.play.client.CPacketEntityAction.processPacket(CPacketEntityAction.java:1) ~[bin/:?]
	at net.minecraft.network.PacketThreadUtil$1.run(PacketThreadUtil.java:15) ~[bin/:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) ~[?:1.8.0_73]
	at java.util.concurrent.FutureTask.run(Unknown Source) ~[?:1.8.0_73]
	at net.minecraft.util.Util.runTask(Util.java:14) ~[bin/:?]
	... 5 more

This is a vulnerability as modified clients could try to constantly send this packets trying to crash the server or something similar.

Fixed

Marcono1234

[Mojang] Agnes Larsson

2016-03-13, 10:19 PM

2016-12-22, 09:47 PM

2016-10-11, 03:32 PM

0

1

Unconfirmed

packet, server, sleeping

Minecraft 1.9

Minecraft 16w41a