- Bug
- Resolution: Unresolved
- None
- 1.15.1
- None
- Confirmed
- Networking
- Low
- Platform
The bug
When the server responds to a GS4 query with the challenge request, it can incorrectly convert the session ID.
This might be intended, based on what the four bytes sent for every request actually mean. wiki.vg calls them "session ID", the UnrealWikiAdmin "timestamp" and the Mojang mappings "ident".
The problem is that the server creates the challenge request data in the following way (with this.identBytes being the "session ID"):
this.ident = new String(this.identBytes, StandardCharsets.UTF_8);
this.challenge = new Random().nextInt(0x1000000);
this.challengeBytes = String.format("\t%s%d\u0000", this.ident, this.challenge).getBytes(StandardCharsets.UTF_8);
Since the "session ID" can be any 4 arbitrary bytes, they may not be valid UTF-8, so this.ident can lose information: all malformed input bytes or unmappable characters become the same replacement string. Encoding this.ident as UTF-8 again when creating this.challengeBytes can therefore produce more than the initial 4 bytes (the replacement \uFFFD takes 3 bytes when encoded as UTF-8).
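The lossy round trip described above, next to one way of keeping the four bytes intact, as an added example that is not Mojang's code and not the attached MalformedSessionId.java. The class and method names, the sample session ID and the challenge value are constructed for illustration, and viaRawBytes is a hypothetical alternative rather than a fix proposed in this report.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;

public class ChallengeEncoding {
    // Same construction as the snippet quoted in the report:
    // ident bytes -> String (UTF-8 decode) -> bytes (UTF-8 encode).
    static byte[] viaString(byte[] identBytes, int challenge) {
        String ident = new String(identBytes, StandardCharsets.UTF_8);
        return String.format("\t%s%d\u0000", ident, challenge)
                .getBytes(StandardCharsets.UTF_8);
    }

    // Hypothetical alternative: copy the ident bytes verbatim and
    // text-encode only the challenge digits.
    static byte[] viaRawBytes(byte[] identBytes, int challenge) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x09); // the "\t" type byte from the format string
        out.write(identBytes, 0, identBytes.length);
        byte[] digits = Integer.toString(challenge)
                .getBytes(StandardCharsets.US_ASCII);
        out.write(digits, 0, digits.length);
        out.write(0x00); // terminating NUL
        return out.toByteArray();
    }

    // Hex of the ident field: everything between the type byte and
    // the challenge digits plus NUL at the end of the packet.
    static String identHex(byte[] packet, int challenge) {
        int tail = Integer.toString(challenge).length() + 1;
        StringBuilder sb = new StringBuilder();
        for (int i = 1; i < packet.length - tail; i++) {
            sb.append(String.format("%02x", packet[i] & 0xFF));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: three bytes that are never valid UTF-8, then 0x1F.
        byte[] ident = {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 0x1F};
        int challenge = 1234567; // constructed; the server picks this at random
        byte[] lossy = viaString(ident, challenge);
        byte[] exact = viaRawBytes(ident, challenge);
        System.out.println("via String: ident=" + identHex(lossy, challenge)
                + " packet length=" + lossy.length);
        System.out.println("raw bytes:  ident=" + identHex(exact, challenge)
                + " packet length=" + exact.length);
    }
}
```

A client that parses the response at fixed offsets, or that matches replies to requests by comparing the echoed session ID, will see the mismatch only in the first variant.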
How to reproduce
- Start a local server with the following server.properties settings:
enable-query=true
query.port=25565
- Run the attached Java code MalformedSessionId.java
Java 11(+)
java .\MalformedSessionId.java
Pre Java 11
javac .\MalformedSessionId.java
java MalformedSessionId
You will see the output: "Received session id: efbfbdefbfbdefbfbd1f"