From 3a8c7888807e4483bbdb3edd81c9893f3e2f427d Mon Sep 17 00:00:00 2001 From: ShadowNinja Date: Fri, 5 Sep 2014 20:08:51 -0400 Subject: Add mod security Due to compatibility concerns, this is temporarily disabled. --- src/script/lua_api/l_mapgen.cpp | 7 +++++-- src/script/lua_api/l_server.cpp | 3 ++- src/script/lua_api/l_settings.cpp | 2 ++ src/script/lua_api/l_util.cpp | 14 +++++++++++--- 4 files changed, 20 insertions(+), 6 deletions(-) (limited to 'src/script/lua_api') diff --git a/src/script/lua_api/l_mapgen.cpp b/src/script/lua_api/l_mapgen.cpp index d94f902c4..dc3644e1c 100644 --- a/src/script/lua_api/l_mapgen.cpp +++ b/src/script/lua_api/l_mapgen.cpp @@ -22,6 +22,7 @@ with this program; if not, write to the Free Software Foundation, Inc., #include "lua_api/l_vmanip.h" #include "common/c_converter.h" #include "common/c_content.h" +#include "cpp_api/s_security.h" #include "util/serialize.h" #include "server.h" #include "environment.h" @@ -1031,6 +1032,10 @@ int ModApiMapgen::l_generate_decorations(lua_State *L) int ModApiMapgen::l_create_schematic(lua_State *L) { INodeDefManager *ndef = getServer(L)->getNodeDefManager(); + + const char *filename = luaL_checkstring(L, 4); + CHECK_SECURE_PATH_OPTIONAL(L, filename); + Map *map = &(getEnv(L)->getMap()); Schematic schem; @@ -1069,8 +1074,6 @@ int ModApiMapgen::l_create_schematic(lua_State *L) } } - const char *filename = luaL_checkstring(L, 4); - if (!schem.getSchematicFromMap(map, p1, p2)) { errorstream << "create_schematic: failed to get schematic " "from map" << std::endl; diff --git a/src/script/lua_api/l_server.cpp b/src/script/lua_api/l_server.cpp index 99e73b03e..0d8926317 100644 --- a/src/script/lua_api/l_server.cpp +++ b/src/script/lua_api/l_server.cpp @@ -21,6 +21,7 @@ with this program; if not, write to the Free Software Foundation, Inc., #include "lua_api/l_internal.h" #include "common/c_converter.h" #include "common/c_content.h" +#include "cpp_api/s_base.h" #include "server.h" #include "environment.h" #include "player.h" @@ -342,7 +343,7 @@ int ModApiServer::l_show_formspec(lua_State *L) int ModApiServer::l_get_current_modname(lua_State *L) { NO_MAP_LOCK_REQUIRED; - lua_getfield(L, LUA_REGISTRYINDEX, "current_modname"); + lua_getfield(L, LUA_REGISTRYINDEX, SCRIPT_MOD_NAME_FIELD); return 1; } diff --git a/src/script/lua_api/l_settings.cpp b/src/script/lua_api/l_settings.cpp index 9c88a3e05..35b82b435 100644 --- a/src/script/lua_api/l_settings.cpp +++ b/src/script/lua_api/l_settings.cpp @@ -19,6 +19,7 @@ with this program; if not, write to the Free Software Foundation, Inc., #include "lua_api/l_settings.h" #include "lua_api/l_internal.h" +#include "cpp_api/s_security.h" #include "settings.h" #include "log.h" @@ -188,6 +189,7 @@ int LuaSettings::create_object(lua_State* L) { NO_MAP_LOCK_REQUIRED; const char* filename = luaL_checkstring(L, 1); + CHECK_SECURE_PATH_OPTIONAL(L, filename); LuaSettings* o = new LuaSettings(filename); *(void **)(lua_newuserdata(L, sizeof(void *))) = o; luaL_getmetatable(L, className); diff --git a/src/script/lua_api/l_util.cpp b/src/script/lua_api/l_util.cpp index 283cca01f..151d449d5 100644 --- a/src/script/lua_api/l_util.cpp +++ b/src/script/lua_api/l_util.cpp @@ -92,12 +92,19 @@ int ModApiUtil::l_log(lua_State *L) return 0; } +#define CHECK_SECURE_SETTING(L, name) \ + if (name.compare(0, 7, "secure.") == 0) {\ + lua_pushliteral(L, "Attempt to set secure setting.");\ + lua_error(L);\ + } + // setting_set(name, value) int ModApiUtil::l_setting_set(lua_State *L) { NO_MAP_LOCK_REQUIRED; - const char *name = luaL_checkstring(L, 1); - const char *value = luaL_checkstring(L, 2); + std::string name = luaL_checkstring(L, 1); + std::string value = luaL_checkstring(L, 2); + CHECK_SECURE_SETTING(L, name); g_settings->set(name, value); return 0; } @@ -120,8 +127,9 @@ int ModApiUtil::l_setting_get(lua_State *L) int ModApiUtil::l_setting_setbool(lua_State *L) { NO_MAP_LOCK_REQUIRED; - const char *name = luaL_checkstring(L, 1); + std::string name = luaL_checkstring(L, 1); bool value = lua_toboolean(L, 2); + CHECK_SECURE_SETTING(L, name); g_settings->setBool(name, value); return 0; } -- cgit v1.2.3