From 1e77b193ddaaabc66a164c0213ea58559d2d863a Mon Sep 17 00:00:00 2001 From: Jeija Date: Sun, 13 Mar 2016 22:01:46 +0100 Subject: Luacontroller: Add safe version of string.rep and remove string.gsub, fixes #255 --- mesecons_luacontroller/init.lua | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/mesecons_luacontroller/init.lua b/mesecons_luacontroller/init.lua index 2aa4328..7d15e30 100644 --- a/mesecons_luacontroller/init.lua +++ b/mesecons_luacontroller/init.lua @@ -205,6 +205,16 @@ local function safe_date() return(os.date("*t",os.time())) end +-- string.rep(str, n) with a high value for n can be used to DoS +-- the server. Therefore, limit max. length of generated string. +local function safe_string_rep(str, n) + if #str * n > mesecon.setting("luacontroller_string_rep_max", 64000) then + error("string.rep: string length overflow", 2) + end + + return string.rep(str, n) +end + local function remove_functions(x) local tp = type(x) if tp == "table" then @@ -275,11 +285,10 @@ local function create_environment(pos, mem, event) byte = string.byte, char = string.char, format = string.format, - gsub = string.gsub, len = string.len, lower = string.lower, upper = string.upper, - rep = string.rep, + rep = safe_string_rep, reverse = string.reverse, sub = string.sub, }, @@ -339,7 +348,6 @@ end local function timeout() - debug.sethook() -- Clear hook error("Code timed out!", 2) end -- cgit v1.2.3