author | Jeija <norrepli@gmail.com> | 2016-03-13 22:01:46 +0100 |
---|---|---|
committer | Jeija <norrepli@gmail.com> | 2016-03-13 22:01:46 +0100 |
commit | 1e77b193ddaaabc66a164c0213ea58559d2d863a (patch) | |
tree | 509fdf89fbe175715fa72b5b3220f286b0ad6830 | |
parent | 08b14e3af0384bf23de3fa976ae94e212819218e (diff) | |
Luacontroller: Add safe version of string.rep and remove string.gsub,
fixes #255
-rw-r--r-- | mesecons_luacontroller/init.lua | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/mesecons_luacontroller/init.lua b/mesecons_luacontroller/init.lua
index 2aa4328..7d15e30 100644
--- a/mesecons_luacontroller/init.lua
+++ b/mesecons_luacontroller/init.lua
@@ -205,6 +205,16 @@ local function safe_date()
 return(os.date("*t",os.time()))
 end
 
+-- string.rep(str, n) with a high value for n can be used to DoS
+-- the server. Therefore, limit max. length of generated string.
+local function safe_string_rep(str, n)
+ if #str * n > mesecon.setting("luacontroller_string_rep_max", 64000) then
+ error("string.rep: string length overflow", 2)
+ end
+
+ return string.rep(str, n)
+end
+
 local function remove_functions(x)
 local tp = type(x)
 if tp == "table" then
@@ -275,11 +285,10 @@ local function create_environment(pos, mem, event)
 byte = string.byte,
 char = string.char,
 format = string.format,
- gsub = string.gsub,
 len = string.len,
 lower = string.lower,
 upper = string.upper,
- rep = string.rep,
+ rep = safe_string_rep,
 reverse = string.reverse,
 sub = string.sub,
 },
@@ -339,7 +348,6 @@ end
 
 
 local function timeout()
- debug.sethook() -- Clear hook
 error("Code timed out!", 2)
 end
 
|
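Review bot: The length guard in `safe_string_rep` fails open when `n` is NaN, because `#str * n > limit` then evaluates to false and the call falls through to `string.rep`; what the library does with such a count depends on the Lua build. Writing the test as `if not (#str * n <= mesecon.setting("luacontroller_string_rep_max", 64000)) then` rejects every value that is not provably within the limit. The cap is also per call only, so strings grown by concatenation or by repeated calls are not bounded here and still need a separate memory limit for the sandbox. The header comment could say so, e.g. `-- Per-call cap only; does not bound the total memory a program can allocate.`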
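Review bot: Replacing `rep` and dropping `gsub` in the `string` table of `create_environment` restricts only lookups that go through that table. String values carry their own metatable, so a method call such as `s:rep(n)` would presumably still resolve to the stock library unless the string metatable's `__index` is redirected while sandboxed code runs; that is not visible in this hunk and should be confirmed before relying on the limit. `create_environment` starts and ends outside the hunk. A comment above the entries would keep the omission from being reverted by accident, e.g. `-- gsub is deliberately not exposed (see #255); rep is length-capped`.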
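Review bot: The removal of `debug.sethook()` from `timeout()` is not mentioned in the commit message and leaves no comment behind, so the reason the hook now stays installed while the error propagates is lost. If the intent is that the instruction limit must keep applying until the sandboxed chunk has fully unwound, state it in the function, e.g. `-- Hook is left installed on purpose; the caller clears it once the sandboxed chunk has returned`. The caller is outside this hunk, so it is worth confirming that it clears the hook on both the success path and the error path.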