Commit Graph

85 Commits

Author SHA1 Message Date
luk3yx
8808bb8911 Mark LuaController memory as private
If LuaControllers handle sensitive information, hacked clients could get this information from the LuaController. Marking the memory as private fixes this and saves a small amount of bandwidth.
2018-09-18 13:01:18 +02:00
Vitaliy
d4e05f33af
Fix Luacontroller’s print() (#422)
Because of working inside the sandbox, it was unable to print tables.
2018-07-23 15:53:32 +03:00
beyondlimits
12fb09f452 Fix crash when error()ing an invalid value on programming (#418) 2018-07-18 22:49:34 +03:00
20kdc
065e870349 Improve LuaController security (#393)
Fixes:
1. Lack of 'safe' on minetest.deserialize usage
2. String sandbox bypass via (""):evil()
3. Loss of upcoming digilines messages on server shutdown
4. LCs failing to show information on some errors
5. Interrupt IDs as infinite data storage
2018-01-22 14:26:21 +03:00
Christopher Head
2b096f050d Limit and optimize digiline_send (#379)
* Close vulnerability and optimize digiline_send

`digiline_send` as it previously existed was vulnerable to a
time-of-check-to-time-of-use vulnerability in which a table could be
sent, size-checked, and then modified after the send but before
delivery. This would allow larger tables to be sent. It was also slow
because it called `minetest.serialize`. Fix both of these by
implementing custom message cleanup logic which simultaneously computes
the message’s cost.

* Clean up interaction with Digilines

Use `minetest.global_exists` to avoid an undefined global variable
warning when operating a Luacontroller with Digilines not available. Use
the new `digilines` table in preference to the old `digiline` table.

* Copy received messages

When a Digiline message is received at a Luacontroller, copy it so that
local modifications made by the Luacontroller code will not modify
copies of the table that are being passed to other nodes on the Digiline
network.
2018-01-13 22:27:00 +03:00
DS
ff0bd76efe Set is_ground_content to false (#386) 2017-11-01 00:50:39 +03:00
Vitaliy
cc860acf8a Publish some LuaC API (#348) 2017-10-18 22:54:28 +03:00
DS
905260c8db Handle blasts (#356) 2017-10-07 01:44:49 +03:00
number Zero
564bdc2d9b Fix crash when error()ing an invalid value
See #337 for details.
2017-05-08 17:34:30 +03:00
DS
f9ebbdc0fb Make LuaC formspec bigger (#338) 2017-05-08 02:59:57 +04:00
numberZero
54b9eaffa2 Improve overheating (#334)
New overheating system that doesn’t use the meta.
2017-04-14 23:14:17 +04:00
Wuzzy
967bde284a Spell-check and clarify item names
* Fix inconsistent insulated mesecon names
* Clarify lightstone names
* Rename meselamp to "Mesecon Lamp"
* Use capitalization "Luacontroller" consistently
* Cleanup / improvements for logic gate naming
2017-03-07 19:04:05 +01:00
Jeija
54daee236e Luacontroller: Revert function stripping from digiline messages 2017-01-15 20:11:12 +01:00
Jeija
703e6fdadb Luacontroller: Restrict digiline messages
Restrict maximum length of messages to 50.000 characters and disable sending functions or table references over the wire. Restrict types of channel variable to string, number or boolean.

The missing length restriction made DoS-like attacks possible by overflowing memory using string concatenation. Thanks to gamemanj for disclosing this issue.
2016-12-28 10:07:59 +01:00
Christopher Head
53eaf2af11
Remove an obsolete comment. 2016-08-16 00:16:24 -07:00
Carter Kolwey
40487a65f4 Add protection support to Luacontrollers,
protection is ignored with protection_bypass_priv
2016-05-17 07:58:50 +02:00
electrodude
6cae381c27 Luacontroller: Fix remove_functions stack overflow bug 2016-04-26 20:40:12 +02:00
Pedro Gimeno
b487783c23 Disable JIT optimization for user code and allow string.find in plain mode
Disabling LuaJIT for user code enables normal working of debug.sethook() even for loops. The drawback is that that code will run more slowly.

The fourth parameter of string.find indicates whether the second parameter should be interpreted literally (true) or as a pattern (false). Allowing patterns enables DoS attacks, but it's possible to
allow literal matching with little effort, by disallowing the function only if the fourth parameter (plain mode) is not `true`.
2016-04-02 17:31:40 +02:00
Jeija
72e513ecbd Luacontroller: Put clearing debug hook before throwing error back in 2016-03-14 12:51:57 +01:00
Jeija
1e77b193dd Luacontroller: Add safe version of string.rep and remove string.gsub,
fixes #255
2016-03-13 22:01:46 +01:00
Jeija
08b14e3af0 Luacontroller: Fix function usage in LuaJIT, make 'do' no longer
prohibited, remove pcall and xpcall, fix global lookup of "jit"
variable, correct error locations

Thanks to @ShadowNinja and @gamemanj for fixing this in #241
2016-03-13 21:16:16 +01:00
Carter Kolwey
35b647ed4a Add os.datetable(), a (very) limited wrapper for os.date(). Fixes #246. 2016-01-02 01:13:38 -06:00
Jeija
0ec771bf7d Major change: Documentation is now included with mesecons, the website just extracts the documentation in a more readable format
This makes development of new features easier, as documentation can automatically be updated on the website without modifying the website's code!
Every mod that has nodes in the mesecons modpack has a "doc" folder that contains subfolders with recipe, description and preview of the block. The website will discover which documentation is available
by reading the documentation.json file.
2015-11-20 20:14:50 +01:00
Jeija
b89fe52469 Luacontroller: Add configurable size limit for mem table, 100kBytes by default, fixes #240
If size limit is exceeded, the luacontroller overheats. Overheating will cause the memory
to be erased.
2015-10-18 11:28:35 +02:00
Jeija
97f7b5745f Remove trailing whitespace 2015-10-04 13:30:34 +02:00
Jeija
011543a782 Fix #196, removes soft-depend on commonlib 2014-12-20 10:11:12 +01:00
Jeija
d2373eb605 Don't trigger an "off" event to itself when luacontroller turns a port off
I hope this doesn't break anyone's setup.
2014-11-29 10:56:09 +01:00
Jeija
2a51e40af9 Fix luacontroller: attempt to perform arithmetic on global 'print_count' (a nil value) 2014-11-25 19:53:29 +01:00
Jeija
4bd9d2a9ec Merge branch 'improve-luacontroller'
However, without the print_count limiting functionality

Conflicts:
	mesecons_luacontroller/init.lua
2014-11-25 17:36:52 +01:00
Jeija
f388dc475a Fix luacontroller interrupts not working if no iid is supplied 2014-11-23 10:59:51 +01:00
Jeija
085b4d8bb7 Fix burnt luacontroller, nodebox + crash 2014-11-22 23:14:45 +01:00
Jeija
0e3aa57ed3 Merge branch 'improve-luacontroller' of https://github.com/ShadowNinja/minetest-mod-mesecons into ShadowNinja-improve-luacontroller
Conflicts:
	mesecons/legacy.lua
	mesecons_luacontroller/init.lua
	mesecons_microcontroller/init.lua
2014-11-22 23:04:34 +01:00
Jeija
f977ac821a Re-implement settings system:
Settings can now be retrieved by mesecon.setting(<name>, <default>) and can be modified without
editing the source code by adding the setting to minetest.conf
For instance, you can add mesecon.blinky_plant_interval = 0.5 to minetest.conf in order to
increase the blinking speed.
Rewrite the blinky plant with nodetimers.
Fixes #161
2014-11-22 22:09:26 +01:00
Jeija
5be179bf11 Replace mesecon:<some_function> with mesecon.<some_function> for greater
flexibility and because it was never inteded to be OOP in the first
place.

mesecon.receptor_on and mesecon.receptor_off are provided by wrappers
(mesecon:receptor_on/off) for compatibility, but will be removed. Mod
programmers that use mesecons: Please update!

Also, fix microcontroller polluting the global namespace and remove some
deprecated stuff.
2014-11-22 15:42:22 +01:00
Jeija
ffacbfde5a Use an iterative algorithm for turnon() and turnoff(), fixes #160
This may also bring some performance benefit.
2014-11-22 14:47:18 +01:00
Jeija
dcf1f799c5 Fix #184, Fix #186, Fix #187
Just some minor issues like dead code.
2014-11-21 21:43:28 +01:00
ShadowNinja
bd1766e448 Improve the LuaController
Changes:
  * Stops code after a certain number of instructions.
  * Allows functions, due to instruction counting.
  * Allows loops and goto with non-JIT Lua (LuaJIT doesn't count looping as an instruction, allowing infinite loops), due to instruction counting.
  * Removes string matching functions as they can be slow.
  * Adds some safe functions.
  * Limits the amount of printing that can be done (to prevent console flooding).
  * Code cleanup.
  * More...
2014-10-07 17:09:25 -04:00
Jeija
300abcb587 Fix #155 (option 2 used). Remove non-ActionQueue system. Enable overheat for more than 20 actions per second on lua- / microcontrollers and gates.
Fix a bug where a burnt luacontroller didn't have the correct pin-states as the burnt controller does not register any changes from outside.
2014-04-20 21:51:17 +02:00
Jeija
3d2cfeace8 Fix #83 (experimental)
Why did we actually put the update action in a queue again? Whatever issue it that was for, I couldn't reproduce it.
Propably the ActionQueue fixed that...?
2014-03-19 14:47:22 +01:00
Jeija
df6829e553 Remove timer() from LuaController and make interrupt() use the ActionQueue so that it will keep working when restarting the server 2014-03-19 10:20:43 +01:00
Jeija
39a0e56c18 Improve and clean up luacontroller digiline_send on globalstep feature 2014-03-19 09:11:07 +01:00
Jeija
b50721c701 Merge branch 'digiline-non-reentrant' of https://github.com/CiaranG/minetest-mod-mesecons into CiaranG-digiline-non-reentrant
Conflicts:
	mesecons_luacontroller/init.lua
2014-03-16 21:12:50 +01:00
Jeija
38ff900274 Merge pull request #152 from CiaranG/timer
Add timer() function/event (node timer based) to luacontroller
2014-03-16 21:05:49 +01:00
Ciaran Gultnieks
9eda62df7b Add timer() function/event (node timer based) to luacontroller
This adds a timer(<seconds>) function, which causes an event of type
"timer" to be fired after that many seconds has elapsed.

Because it's node timer based, it works properly across server restarts
and block unloading. Thus, simplest example, a blinky plant replacement
with a 10 second period:

if event.type == "program" then
  timer(10)
elseif event.type == "timer" then
  port.a = not port.a
  timer(10)
end
2014-03-11 22:50:48 +00:00
Ciaran Gultnieks
5d3cba0bd4 Handle luacontroller formspec events correctly
Example of problem fixed by this: Edit lua code, press Execute. Now
(execute button has focus), hold down a key. Zillions of "program"
events are generated.
2014-03-11 17:54:56 +00:00
Ciaran Gultnieks
5002315ec9 Send digiline messages after luacontroller execution
In the same way as for port settings, this queues up digiline messages
sent during the luacontroller's execution, and sends them afterwards.
This solves many problems, but one example:

1. Send a message, and receive a reply from another device.
2. While handling the reply event (effectively a nested invocation
   on the same luacontroller) make a change to memory
3. Notice that the memory change has no effect, because after
   completion of the reply handling, it stores the memory, but then
   the original invocation completes and overwrites it with it's
   own earlier copy of the same memory.
2014-03-11 17:34:30 +00:00
Ciaran Gultnieks
c240d399fb Add missing string.upper to luacontroller 2014-02-16 13:28:07 +00:00
Jeija
8a71f51b26 Merge branch 'actionqueue'
This introduces the ActionQueue, a new kind of MESECONS_GLOBALSTEP.
Circuits using delayers will now resume when restarting the server.
Also, large circuits should automatically resume if parts of them are
in unloaded chunks.
Old circuits e.g. using gates will not resume when mesecons is updated,
which means you have to restart them once. But after that, it should work
just like it used to.
This will fix a lot of stuff but may also introduce some new bugs.
So please report them!
2014-01-19 13:59:22 +01:00
Novatux
f1ae54ed12 Try to fix gateswith serverstep code. 2014-01-11 07:24:42 +01:00
ShadowNinja
de6dd30745 Move textures into their mods 2014-01-10 13:13:02 -05:00