Luacontroller: Add safe version of string.rep and remove string.gsub, fixes #255
Jeija committed Mar 13, 2016
1 parent 08b14e3 commit 1e77b19
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions mesecons_luacontroller/init.lua
@@ -205,6 +205,16 @@ local function safe_date()
return(os.date("*t",os.time()))
end

-- string.rep(str, n) with a high value for n can be used to DoS
-- the server. Therefore, limit max. length of generated string.
local function safe_string_rep(str, n)
if #str * n > mesecon.setting("luacontroller_string_rep_max", 64000) then
error("string.rep: string length overflow", 2)
end

return string.rep(str, n)
end

local function remove_functions(x)
local tp = type(x)
if tp == "table" then
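Review bot: the guard in safe_string_rep only fires when `#str * n` is a finite number above the limit, so `n` should be validated explicitly before the multiplication, e.g. `if type(n) ~= "number" or n ~= n then error("string.rep: invalid count", 2) end` to reject non-numeric and NaN counts up front instead of relying on the comparison alone. Two smaller points: `#str` raises for a non-string `str` where plain string.rep would have coerced a number, so either call `tostring(str)` first or keep that stricter behaviour deliberately, and the new `luacontroller_string_rep_max` setting (default 64000) should be documented as a configuration option alongside the other mesecon settings.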
@@ -275,11 +285,10 @@ local function create_environment(pos, mem, event)
byte = string.byte,
char = string.char,
format = string.format,
gsub = string.gsub,
len = string.len,
lower = string.lower,
upper = string.upper,
rep = string.rep,
rep = safe_string_rep,
reverse = string.reverse,
sub = string.sub,
},
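Review bot: dropping `gsub` from the exported string table is a silent breaking change for existing controller programs, and nothing in the table records why it is gone; add a one-line comment next to the remaining entries (e.g. `-- gsub intentionally omitted, see #255`) so a future maintainer does not re-add it, and mention the removal in the mod's changelog or user documentation. It is also worth confirming that none of the other exported functions still listed here (`format`, for example) can build a string whose size is controlled by an unbounded user-supplied number, since the new limit only covers `rep`.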
@@ -339,7 +348,6 @@ end


local function timeout()
debug.sethook() -- Clear hook
error("Code timed out!", 2)
end

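Review bot: removing `debug.sethook() -- Clear hook` from timeout() leaves the count hook installed while error() unwinds, so unless the caller clears it immediately after its pcall the hook may keep firing in the surrounding code and raise "Code timed out!" outside the sandboxed chunk; either keep the sethook() call as the first statement of timeout() or include the matching clear after the pcall in this diff so the two sides can be reviewed together. (The follow-up comment on this commit says the line was restored after problems appeared.)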

1 comment on commit 1e77b19

@Jeija (Collaborator, Author) commented on 1e77b19 Mar 14, 2016


Okay, I don't exactly know why this happens since debug.sethook() should be executed after pcall anyway, but since I'm no expert on this stuff, I put it back in.
