authorJeija <norrepli@gmail.com>2016-03-13 22:01:46 +0100
committerJeija <norrepli@gmail.com>2016-03-13 22:01:46 +0100
commit1e77b193ddaaabc66a164c0213ea58559d2d863a (patch)
tree509fdf89fbe175715fa72b5b3220f286b0ad6830
parent08b14e3af0384bf23de3fa976ae94e212819218e (diff)
Luacontroller: Add safe version of string.rep and remove string.gsub,
fixes #255
-rw-r--r--mesecons_luacontroller/init.lua14
1 files changed, 11 insertions, 3 deletions
diff --git a/mesecons_luacontroller/init.lua b/mesecons_luacontroller/init.lua
index 2aa4328..7d15e30 100644
--- a/mesecons_luacontroller/init.lua
+++ b/mesecons_luacontroller/init.lua
@@ -205,6 +205,16 @@ local function safe_date()
return(os.date("*t",os.time()))
end
+-- string.rep(str, n) with a high value for n can be used to DoS
+-- the server. Therefore, limit max. length of generated string.
+local function safe_string_rep(str, n)
+ if #str * n > mesecon.setting("luacontroller_string_rep_max", 64000) then
+ error("string.rep: string length overflow", 2)
+ end
+
+ return string.rep(str, n)
+end
+
local function remove_functions(x)
local tp = type(x)
if tp == "table" then
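Review bot: `safe_string_rep` computes `#str * n` before checking that either argument has the expected type, and both values come from sandboxed user code. A non-string `str` or a non-number `n` fails inside the wrapper with a length or arithmetic error instead of a clear message. A NaN `n` makes the comparison false, so the call falls through to `string.rep` unchecked; what happens next depends on the Lua build, and I have not confirmed the effect. I would validate first: `if type(str) ~= "string" or type(n) ~= "number" or n ~= n then error("string.rep: invalid arguments", 2) end`. The header comment could also say that the limit is in bytes and is read from the `luacontroller_string_rep_max` setting with a default of 64000.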
@@ -275,11 +285,10 @@ local function create_environment(pos, mem, event)
byte = string.byte,
char = string.char,
format = string.format,
- gsub = string.gsub,
len = string.len,
lower = string.lower,
upper = string.upper,
- rep = string.rep,
+ rep = safe_string_rep,
reverse = string.reverse,
sub = string.sub,
},
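Review bot: Nothing in `create_environment` records why `gsub` is missing from the sandbox `string` table, so a later cleanup could easily re-add it. A comment at the old position such as `-- string.gsub is deliberately not exposed to sandboxed code, see #255` would keep the decision visible. The table begins above this hunk, so I cannot see whether other pattern functions (`string.find`, `string.match`, `string.gmatch`) are exposed. If they are, they presumably deserve the same review as `gsub`.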
@@ -339,7 +348,6 @@ end
local function timeout()
- debug.sethook() -- Clear hook
error("Code timed out!", 2)
end
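Review bot: With `debug.sethook()` removed from `timeout`, the hook is still installed when the "Code timed out!" error propagates, and the commit message does not mention this change. It looks intentional, since a hook that stays armed keeps limiting code that survives the error. It does mean that whatever installs the hook must clear it on both the success and the error path, and that caller is outside this hunk. I would state the contract on the function: `-- Hook is left installed here; the caller clears it with debug.sethook() once the chunk returns or errors`.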