Luacontroller: Restrict digiline messages

Restrict maximum length of messages to 50.000 characters and disable sending functions or table references over the wire. Restrict types of channel variable to string, number or boolean.

The missing length restriction made DoS-like attacks possible by overflowing memory using string concatenation. Thanks to gamemanj for disclosing this issue.
Jeija
2016-12-28 10:07:59 +01:00
parent 67cd17aa79
commit 703e6fdadb
2 changed files with 31 additions and 0 deletions

@ -151,6 +151,22 @@ function mesecon.tablecopy(table) -- deep table copy
return newtable
end
function mesecon.tablecopy_stripfunctions(table) -- deep table copy, but remove all functions
if type(table) == "function" then return nil end -- functions become nil
if type(table) ~= "table" then return table end -- no need to copy
local newtable = {}
for idx, item in pairs(table) do
if type(item) == "table" then
newtable[idx] = mesecon.tablecopy(item)
elseif type(item) ~= "function" then
newtable[idx] = item
end
end
return newtable
end
function mesecon.cmpAny(t1, t2)
if type(t1) ~= type(t2) then return false end
if type(t1) ~= "table" and type(t2) ~= "table" then return t1 == t2 end
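
Review bot: In mesecon.tablecopy_stripfunctions, the nested-table branch calls `mesecon.tablecopy(item)` instead of recursing into the new function, so only top-level functions are removed and a function stored inside a sub-table is still copied through. Change that line to `newtable[idx] = mesecon.tablecopy_stripfunctions(item)` so the stripping applies at every depth. The loop also filters values only: a key `idx` that is itself a function or a table is kept by reference, so consider skipping keys whose type is "function" or "table" as well. The one-line comment on the function could state whether nested tables and keys are covered, since callers will rely on it as a sanitizer.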