aboutsummaryrefslogtreecommitdiff
path: root/src/script/cpp_api
diff options
context:
space:
mode:
authorest31 <MTest31@outlook.com>2016-12-22 23:16:00 +0100
committerest31 <MTest31@outlook.com>2016-12-22 23:16:00 +0100
commit81d56b94919dceb7b2e51d70b21a7ca22f852bd5 (patch)
tree1e9ef1be1b3295a8673d6e4f0bdeb4c2d3a6015f /src/script/cpp_api
parent8077612dcb48221281e726a60eb97bf73fde462b (diff)
parent231ac33d34dfaaddf292c5f31b1eae43eeefba2d (diff)
downloadminetest-81d56b94919dceb7b2e51d70b21a7ca22f852bd5.tar.gz
minetest-81d56b94919dceb7b2e51d70b21a7ca22f852bd5.tar.bz2
minetest-81d56b94919dceb7b2e51d70b21a7ca22f852bd5.zip
Merge 0.4.15 changes into stable-0.4
0.4.15 release!
Diffstat (limited to 'src/script/cpp_api')
-rw-r--r--src/script/cpp_api/s_async.cpp3
-rw-r--r--src/script/cpp_api/s_async.h2
-rw-r--r--src/script/cpp_api/s_env.cpp4
-rw-r--r--src/script/cpp_api/s_node.cpp1
-rw-r--r--src/script/cpp_api/s_player.cpp6
-rw-r--r--src/script/cpp_api/s_player.h2
-rw-r--r--src/script/cpp_api/s_security.cpp148
-rw-r--r--src/script/cpp_api/s_security.h21
8 files changed, 129 insertions, 58 deletions
diff --git a/src/script/cpp_api/s_async.cpp b/src/script/cpp_api/s_async.cpp
index 9bf3fcf49..1fb84fab6 100644
--- a/src/script/cpp_api/s_async.cpp
+++ b/src/script/cpp_api/s_async.cpp
@@ -81,6 +81,7 @@ bool AsyncEngine::registerFunction(const char* name, lua_CFunction func)
if (initDone) {
return false;
}
+
functionList[name] = func;
return true;
}
@@ -203,7 +204,7 @@ void AsyncEngine::pushFinishedJobs(lua_State* L) {
/******************************************************************************/
void AsyncEngine::prepareEnvironment(lua_State* L, int top)
{
- for (std::map<std::string, lua_CFunction>::iterator it = functionList.begin();
+ for (UNORDERED_MAP<std::string, lua_CFunction>::iterator it = functionList.begin();
it != functionList.end(); it++) {
lua_pushstring(L, it->first.c_str());
lua_pushcfunction(L, it->second);
diff --git a/src/script/cpp_api/s_async.h b/src/script/cpp_api/s_async.h
index 8d612d58c..016381e5f 100644
--- a/src/script/cpp_api/s_async.h
+++ b/src/script/cpp_api/s_async.h
@@ -132,7 +132,7 @@ private:
bool initDone;
// Internal store for registred functions
- std::map<std::string, lua_CFunction> functionList;
+ UNORDERED_MAP<std::string, lua_CFunction> functionList;
// Internal counter to create job IDs
unsigned int jobIdCounter;
diff --git a/src/script/cpp_api/s_env.cpp b/src/script/cpp_api/s_env.cpp
index 82d0d4f0e..913d8539d 100644
--- a/src/script/cpp_api/s_env.cpp
+++ b/src/script/cpp_api/s_env.cpp
@@ -212,11 +212,13 @@ void ScriptApiEnv::on_emerge_area_completion(
{
Server *server = getServer();
+ // This function should be executed with envlock held.
+ // The caller (LuaEmergeAreaCallback in src/script/lua_api/l_env.cpp)
+ // should have obtained the lock.
// Note that the order of these locks is important! Envlock must *ALWAYS*
// be acquired before attempting to acquire scriptlock, or else ServerThread
// will try to acquire scriptlock after it already owns envlock, thus
// deadlocking EmergeThread and ServerThread
- MutexAutoLock envlock(server->m_env_mutex);
SCRIPTAPI_PRECHECKHEADER
diff --git a/src/script/cpp_api/s_node.cpp b/src/script/cpp_api/s_node.cpp
index 17f0f0dac..379ed773f 100644
--- a/src/script/cpp_api/s_node.cpp
+++ b/src/script/cpp_api/s_node.cpp
@@ -58,6 +58,7 @@ struct EnumString ScriptApiNode::es_ContentParamType2[] =
{CPT2_WALLMOUNTED, "wallmounted"},
{CPT2_LEVELED, "leveled"},
{CPT2_DEGROTATE, "degrotate"},
+ {CPT2_MESHOPTIONS, "meshoptions"},
{0, NULL},
};
diff --git a/src/script/cpp_api/s_player.cpp b/src/script/cpp_api/s_player.cpp
index 807430678..a8c07476c 100644
--- a/src/script/cpp_api/s_player.cpp
+++ b/src/script/cpp_api/s_player.cpp
@@ -135,7 +135,8 @@ void ScriptApiPlayer::on_joinplayer(ServerActiveObject *player)
runCallbacks(1, RUN_CALLBACKS_MODE_FIRST);
}
-void ScriptApiPlayer::on_leaveplayer(ServerActiveObject *player)
+void ScriptApiPlayer::on_leaveplayer(ServerActiveObject *player,
+ bool timeout)
{
SCRIPTAPI_PRECHECKHEADER
@@ -144,7 +145,8 @@ void ScriptApiPlayer::on_leaveplayer(ServerActiveObject *player)
lua_getfield(L, -1, "registered_on_leaveplayers");
// Call callbacks
objectrefGetOrCreate(L, player);
- runCallbacks(1, RUN_CALLBACKS_MODE_FIRST);
+ lua_pushboolean(L, timeout);
+ runCallbacks(2, RUN_CALLBACKS_MODE_FIRST);
}
void ScriptApiPlayer::on_cheat(ServerActiveObject *player,
diff --git a/src/script/cpp_api/s_player.h b/src/script/cpp_api/s_player.h
index 2e4dc2222..86ee1b024 100644
--- a/src/script/cpp_api/s_player.h
+++ b/src/script/cpp_api/s_player.h
@@ -38,7 +38,7 @@ public:
bool on_prejoinplayer(const std::string &name, const std::string &ip,
std::string *reason);
void on_joinplayer(ServerActiveObject *player);
- void on_leaveplayer(ServerActiveObject *player);
+ void on_leaveplayer(ServerActiveObject *player, bool timeout);
void on_cheat(ServerActiveObject *player, const std::string &cheat_type);
bool on_punchplayer(ServerActiveObject *player,
ServerActiveObject *hitter, float time_from_last_punch,
diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index 730235c7b..1b1f148cd 100644
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -249,8 +249,8 @@ bool ScriptApiSecurity::isSecure(lua_State *L)
#define CHECK_FILE_ERR(ret, fp) \
if (ret) { \
- if (fp) std::fclose(fp); \
lua_pushfstring(L, "%s: %s", path, strerror(errno)); \
+ if (fp) std::fclose(fp); \
return false; \
}
@@ -285,39 +285,50 @@ bool ScriptApiSecurity::safeLoadFile(lua_State *L, const char *path)
if (c == LUA_SIGNATURE[0]) {
lua_pushliteral(L, "Bytecode prohibited when mod security is enabled.");
+ std::fclose(fp);
+ if (path) {
+ delete [] chunk_name;
+ }
return false;
}
// Read the file
int ret = std::fseek(fp, 0, SEEK_END);
CHECK_FILE_ERR(ret, fp);
- if (ret) {
- std::fclose(fp);
- lua_pushfstring(L, "%s: %s", path, strerror(errno));
- return false;
- }
+
size_t size = std::ftell(fp) - start;
char *code = new char[size];
ret = std::fseek(fp, start, SEEK_SET);
- CHECK_FILE_ERR(ret, fp);
if (ret) {
- std::fclose(fp);
lua_pushfstring(L, "%s: %s", path, strerror(errno));
+ std::fclose(fp);
+ delete [] code;
+ if (path) {
+ delete [] chunk_name;
+ }
return false;
}
+
size_t num_read = std::fread(code, 1, size, fp);
if (path) {
std::fclose(fp);
}
if (num_read != size) {
lua_pushliteral(L, "Error reading file to load.");
+ delete [] code;
+ if (path) {
+ delete [] chunk_name;
+ }
return false;
}
if (luaL_loadbuffer(L, code, size, chunk_name)) {
+ delete [] code;
return false;
}
+ delete [] code;
+
if (path) {
delete [] chunk_name;
}
@@ -325,12 +336,15 @@ bool ScriptApiSecurity::safeLoadFile(lua_State *L, const char *path)
}
-bool ScriptApiSecurity::checkPath(lua_State *L, const char *path)
+bool ScriptApiSecurity::checkPath(lua_State *L, const char *path,
+ bool write_required, bool *write_allowed)
{
+ if (write_allowed)
+ *write_allowed = false;
+
std::string str; // Transient
- std::string norel_path = fs::RemoveRelativePathComponents(path);
- std::string abs_path = fs::AbsolutePath(norel_path);
+ std::string abs_path = fs::AbsolutePath(path);
if (!abs_path.empty()) {
// Don't allow accessing the settings file
@@ -341,18 +355,29 @@ bool ScriptApiSecurity::checkPath(lua_State *L, const char *path)
// If we couldn't find the absolute path (path doesn't exist) then
// try removing the last components until it works (to allow
// non-existent files/folders for mkdir).
- std::string cur_path = norel_path;
+ std::string cur_path = path;
std::string removed;
while (abs_path.empty() && !cur_path.empty()) {
- std::string tmp_rmed;
- cur_path = fs::RemoveLastPathComponent(cur_path, &tmp_rmed);
- removed = tmp_rmed + (removed.empty() ? "" : DIR_DELIM + removed);
+ std::string component;
+ cur_path = fs::RemoveLastPathComponent(cur_path, &component);
+ if (component == "..") {
+ // Parent components can't be allowed or we could allow something like
+ // /home/user/minetest/worlds/foo/noexist/../../../../../../etc/passwd.
+ // If we have previous non-relative elements in the path we might be
+ // able to remove them so that things like worlds/foo/noexist/../auth.txt
+ // could be allowed, but those paths will be interpreted as nonexistent
+ // by the operating system anyways.
+ return false;
+ }
+ removed = component + (removed.empty() ? "" : DIR_DELIM + removed);
abs_path = fs::AbsolutePath(cur_path);
}
- if (abs_path.empty()) return false;
+ if (abs_path.empty())
+ return false;
// Add the removed parts back so that you can't, eg, create a
// directory in worldmods if worldmods doesn't exist.
- if (!removed.empty()) abs_path += DIR_DELIM + removed;
+ if (!removed.empty())
+ abs_path += DIR_DELIM + removed;
// Get server from registry
lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_SCRIPTAPI);
@@ -369,32 +394,53 @@ bool ScriptApiSecurity::checkPath(lua_State *L, const char *path)
// Builtin can access anything
if (mod_name == BUILTIN_MOD_NAME) {
+ if (write_allowed) *write_allowed = true;
return true;
}
// Allow paths in mod path
- const ModSpec *mod = server->getModSpec(mod_name);
- if (mod) {
- str = fs::AbsolutePath(mod->path);
+ // Don't bother if write access isn't important, since it will be handled later
+ if (write_required || write_allowed != NULL) {
+ const ModSpec *mod = server->getModSpec(mod_name);
+ if (mod) {
+ str = fs::AbsolutePath(mod->path);
+ if (!str.empty() && fs::PathStartsWith(abs_path, str)) {
+ if (write_allowed) *write_allowed = true;
+ return true;
+ }
+ }
+ }
+ }
+ lua_pop(L, 1); // Pop mod name
+
+ // Allow read-only access to all mod directories
+ if (!write_required) {
+ const std::vector<ModSpec> mods = server->getMods();
+ for (size_t i = 0; i < mods.size(); ++i) {
+ str = fs::AbsolutePath(mods[i].path);
if (!str.empty() && fs::PathStartsWith(abs_path, str)) {
return true;
}
}
}
- lua_pop(L, 1); // Pop mod name
str = fs::AbsolutePath(server->getWorldPath());
- if (str.empty()) return false;
- // Don't allow access to world mods. We add to the absolute path
- // of the world instead of getting the absolute paths directly
- // because that won't work if they don't exist.
- if (fs::PathStartsWith(abs_path, str + DIR_DELIM + "worldmods") ||
- fs::PathStartsWith(abs_path, str + DIR_DELIM + "game")) {
- return false;
- }
- // Allow all other paths in world path
- if (fs::PathStartsWith(abs_path, str)) {
- return true;
+ if (!str.empty()) {
+ // Don't allow access to other paths in the world mod/game path.
+ // These have to be blocked so you can't override a trusted mod
+ // by creating a mod with the same name in a world mod directory.
+ // We add to the absolute path of the world instead of getting
+ // the absolute paths directly because that won't work if they
+ // don't exist.
+ if (fs::PathStartsWith(abs_path, str + DIR_DELIM + "worldmods") ||
+ fs::PathStartsWith(abs_path, str + DIR_DELIM + "game")) {
+ return false;
+ }
+ // Allow all other paths in world path
+ if (fs::PathStartsWith(abs_path, str)) {
+ if (write_allowed) *write_allowed = true;
+ return true;
+ }
}
// Default to disallowing
@@ -465,7 +511,7 @@ int ScriptApiSecurity::sl_g_loadfile(lua_State *L)
if (lua_isstring(L, 1)) {
path = lua_tostring(L, 1);
- CHECK_SECURE_PATH(L, path);
+ CHECK_SECURE_PATH_INTERNAL(L, path, false, NULL);
}
if (!safeLoadFile(L, path)) {
@@ -514,14 +560,28 @@ int ScriptApiSecurity::sl_g_require(lua_State *L)
int ScriptApiSecurity::sl_io_open(lua_State *L)
{
+ bool with_mode = lua_gettop(L) > 1;
+
luaL_checktype(L, 1, LUA_TSTRING);
const char *path = lua_tostring(L, 1);
- CHECK_SECURE_PATH(L, path);
+
+ bool write_requested = false;
+ if (with_mode) {
+ luaL_checktype(L, 2, LUA_TSTRING);
+ const char *mode = lua_tostring(L, 2);
+ write_requested = strchr(mode, 'w') != NULL ||
+ strchr(mode, '+') != NULL ||
+ strchr(mode, 'a') != NULL;
+ }
+ CHECK_SECURE_PATH_INTERNAL(L, path, write_requested, NULL);
push_original(L, "io", "open");
lua_pushvalue(L, 1);
- lua_pushvalue(L, 2);
- lua_call(L, 2, 2);
+ if (with_mode) {
+ lua_pushvalue(L, 2);
+ }
+
+ lua_call(L, with_mode ? 2 : 1, 2);
return 2;
}
@@ -530,7 +590,7 @@ int ScriptApiSecurity::sl_io_input(lua_State *L)
{
if (lua_isstring(L, 1)) {
const char *path = lua_tostring(L, 1);
- CHECK_SECURE_PATH(L, path);
+ CHECK_SECURE_PATH_INTERNAL(L, path, false, NULL);
}
push_original(L, "io", "input");
@@ -544,7 +604,7 @@ int ScriptApiSecurity::sl_io_output(lua_State *L)
{
if (lua_isstring(L, 1)) {
const char *path = lua_tostring(L, 1);
- CHECK_SECURE_PATH(L, path);
+ CHECK_SECURE_PATH_INTERNAL(L, path, true, NULL);
}
push_original(L, "io", "output");
@@ -558,16 +618,16 @@ int ScriptApiSecurity::sl_io_lines(lua_State *L)
{
if (lua_isstring(L, 1)) {
const char *path = lua_tostring(L, 1);
- CHECK_SECURE_PATH(L, path);
+ CHECK_SECURE_PATH_INTERNAL(L, path, false, NULL);
}
+ int top_precall = lua_gettop(L);
push_original(L, "io", "lines");
lua_pushvalue(L, 1);
- int top_precall = lua_gettop(L);
lua_call(L, 1, LUA_MULTRET);
// Return number of arguments returned by the function,
// adjusting for the function being poped.
- return lua_gettop(L) - (top_precall - 1);
+ return lua_gettop(L) - top_precall;
}
@@ -575,11 +635,11 @@ int ScriptApiSecurity::sl_os_rename(lua_State *L)
{
luaL_checktype(L, 1, LUA_TSTRING);
const char *path1 = lua_tostring(L, 1);
- CHECK_SECURE_PATH(L, path1);
+ CHECK_SECURE_PATH_INTERNAL(L, path1, true, NULL);
luaL_checktype(L, 2, LUA_TSTRING);
const char *path2 = lua_tostring(L, 2);
- CHECK_SECURE_PATH(L, path2);
+ CHECK_SECURE_PATH_INTERNAL(L, path2, true, NULL);
push_original(L, "os", "rename");
lua_pushvalue(L, 1);
@@ -593,7 +653,7 @@ int ScriptApiSecurity::sl_os_remove(lua_State *L)
{
luaL_checktype(L, 1, LUA_TSTRING);
const char *path = lua_tostring(L, 1);
- CHECK_SECURE_PATH(L, path);
+ CHECK_SECURE_PATH_INTERNAL(L, path, true, NULL);
push_original(L, "os", "remove");
lua_pushvalue(L, 1);
diff --git a/src/script/cpp_api/s_security.h b/src/script/cpp_api/s_security.h
index 97bc5c067..6876108e8 100644
--- a/src/script/cpp_api/s_security.h
+++ b/src/script/cpp_api/s_security.h
@@ -23,14 +23,18 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include "cpp_api/s_base.h"
-#define CHECK_SECURE_PATH(L, path) \
- if (!ScriptApiSecurity::checkPath(L, path)) { \
- throw LuaError(std::string("Attempt to access external file ") + \
- path + " with mod security on."); \
+#define CHECK_SECURE_PATH_INTERNAL(L, path, write_required, ptr) \
+ if (!ScriptApiSecurity::checkPath(L, path, write_required, ptr)) { \
+ throw LuaError(std::string("Mod security: Blocked attempted ") + \
+ (write_required ? "write to " : "read from ") + path); \
}
-#define CHECK_SECURE_PATH_OPTIONAL(L, path) \
+#define CHECK_SECURE_PATH(L, path, write_required) \
if (ScriptApiSecurity::isSecure(L)) { \
- CHECK_SECURE_PATH(L, path); \
+ CHECK_SECURE_PATH_INTERNAL(L, path, write_required, NULL); \
+ }
+#define CHECK_SECURE_PATH_POSSIBLE_WRITE(L, path, ptr) \
+ if (ScriptApiSecurity::isSecure(L)) { \
+ CHECK_SECURE_PATH_INTERNAL(L, path, false, ptr); \
}
@@ -43,8 +47,9 @@ public:
static bool isSecure(lua_State *L);
// Loads a file as Lua code safely (doesn't allow bytecode).
static bool safeLoadFile(lua_State *L, const char *path);
- // Checks if mods are allowed to read and write to the path
- static bool checkPath(lua_State *L, const char *path);
+ // Checks if mods are allowed to read (and optionally write) to the path
+ static bool checkPath(lua_State *L, const char *path, bool write_required,
+ bool *write_allowed=NULL);
private:
// Syntax: "sl_" <Library name or 'g' (global)> '_' <Function name>