Skip to content

Commit ac8ac19

Browse files
sfan5sfan5
authoredMar 4, 2021
Protect mg_name and mg_flags from being set by Lua (#11010)
·
5.11.05.5.0
1 parent 5b42b5a commit ac8ac19

File tree

1 file changed

+35
-10
lines changed

1 file changed

+35
-10
lines changed
 

Diff for: ‎src/script/lua_api/l_settings.cpp

+35-10
Original file line numberDiff line numberDiff line change
@@ -27,12 +27,36 @@ with this program; if not, write to the Free Software Foundation, Inc.,
2727
#include "log.h"
2828

2929

30-
#define SET_SECURITY_CHECK(L, name) \
31-
if (o->m_settings == g_settings && ScriptApiSecurity::isSecure(L) && \
32-
name.compare(0, 7, "secure.") == 0) { \
33-
throw LuaError("Attempt to set secure setting."); \
30+
/* This protects:
31+
* 'secure.*' settings from being set
32+
* some mapgen settings from being set
33+
* (not security-criticial, just to avoid messing up user configs)
34+
*/
35+
#define CHECK_SETTING_SECURITY(L, name) \
36+
if (o->m_settings == g_settings) { \
37+
if (checkSettingSecurity(L, name) == -1) \
38+
return 0; \
3439
}
3540

41+
static inline int checkSettingSecurity(lua_State* L, const std::string &name)
42+
{
43+
if (ScriptApiSecurity::isSecure(L) && name.compare(0, 7, "secure.") == 0)
44+
throw LuaError("Attempt to set secure setting.");
45+
46+
bool is_mainmenu = false;
47+
#ifndef SERVER
48+
is_mainmenu = ModApiBase::getGuiEngine(L) != nullptr;
49+
#endif
50+
if (!is_mainmenu && (name == "mg_name" || name == "mg_flags")) {
51+
errorstream << "Tried to set global setting " << name << ", ignoring. "
52+
"minetest.set_mapgen_setting() should be used instead." << std::endl;
53+
infostream << script_get_backtrace(L) << std::endl;
54+
return -1;
55+
}
56+
57+
return 0;
58+
}
59+
3660
LuaSettings::LuaSettings(Settings *settings, const std::string &filename) :
3761
m_settings(settings),
3862
m_filename(filename)
@@ -130,6 +154,7 @@ int LuaSettings::l_get_np_group(lua_State *L)
130154
return 1;
131155
}
132156

157+
// get_flags(self, key) -> table or nil
133158
int LuaSettings::l_get_flags(lua_State *L)
134159
{
135160
NO_MAP_LOCK_REQUIRED;
@@ -162,7 +187,7 @@ int LuaSettings::l_set(lua_State* L)
162187
std::string key = std::string(luaL_checkstring(L, 2));
163188
const char* value = luaL_checkstring(L, 3);
164189

165-
SET_SECURITY_CHECK(L, key);
190+
CHECK_SETTING_SECURITY(L, key);
166191

167192
if (!o->m_settings->set(key, value))
168193
throw LuaError("Invalid sequence found in setting parameters");
@@ -179,14 +204,14 @@ int LuaSettings::l_set_bool(lua_State* L)
179204
std::string key = std::string(luaL_checkstring(L, 2));
180205
bool value = readParam<bool>(L, 3);
181206

182-
SET_SECURITY_CHECK(L, key);
207+
CHECK_SETTING_SECURITY(L, key);
183208

184209
o->m_settings->setBool(key, value);
185210

186-
return 1;
211+
return 0;
187212
}
188213

189-
// set(self, key, value)
214+
// set_np_group(self, key, value)
190215
int LuaSettings::l_set_np_group(lua_State *L)
191216
{
192217
NO_MAP_LOCK_REQUIRED;
@@ -196,7 +221,7 @@ int LuaSettings::l_set_np_group(lua_State *L)
196221
NoiseParams value;
197222
read_noiseparams(L, 3, &value);
198223

199-
SET_SECURITY_CHECK(L, key);
224+
CHECK_SETTING_SECURITY(L, key);
200225

201226
o->m_settings->setNoiseParams(key, value);
202227

@@ -211,7 +236,7 @@ int LuaSettings::l_remove(lua_State* L)
211236

212237
std::string key = std::string(luaL_checkstring(L, 2));
213238

214-
SET_SECURITY_CHECK(L, key);
239+
CHECK_SETTING_SECURITY(L, key);
215240

216241
bool success = o->m_settings->remove(key);
217242
lua_pushboolean(L, success);

0 commit comments

Comments
 (0)
Please sign in to comment.