nalc/server-nalc
1
0
Fork 0
mirror of https://github.com/sys4-fr/server-nalc.git synced 2025-01-12 02:50:25 +01:00
Code Issues Releases Wiki Activity

[mesecons] Update luacontrollers

Browse Source
This commit is contained in:
LeMagnesium 2016-03-25 19:13:23 +01:00
parent 3c9b2de8ef
commit a6824a9d2f
1 changed files with 36 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
mods/mesecons/mesecons_luacontroller/init.lua
View File

@ -205,6 +205,17 @@ local function safe_date()
return(os.date("*t",os.time())) return(os.date("*t",os.time()))
end end
-- string.rep(str, n) with a high value for n can be used to DoS
-- the server. Therefore, limit max. length of generated string.
local function safe_string_rep(str, n)
if #str * n > mesecon.setting("luacontroller_string_rep_max", 64000) then
debug.sethook() -- Clear hook
error("string.rep: string length overflow", 2)
end
return string.rep(str, n)
end
local function remove_functions(x) local function remove_functions(x)
local tp = type(x) local tp = type(x)
if tp == "table" then if tp == "table" then
@ -249,8 +260,8 @@ end
local safe_globals = { local safe_globals = {
"assert", "error", "ipairs", "next", "pairs", "pcall", "select", "assert", "error", "ipairs", "next", "pairs", "select",
"tonumber", "tostring", "type", "unpack", "_VERSION", "xpcall", "tonumber", "tostring", "type", "unpack", "_VERSION"
} }
local function create_environment(pos, mem, event) local function create_environment(pos, mem, event)
-- Gather variables for the environment -- Gather variables for the environment
@ -275,11 +286,10 @@ local function create_environment(pos, mem, event)
byte = string.byte, byte = string.byte,
char = string.char, char = string.char,
format = string.format, format = string.format,
gsub = string.gsub,
len = string.len, len = string.len,
lower = string.lower, lower = string.lower,
upper = string.upper, upper = string.upper,
rep = string.rep, rep = safe_string_rep,
reverse = string.reverse, reverse = string.reverse,
sub = string.sub, sub = string.sub,
}, },
@ -340,17 +350,17 @@ end
local function timeout() local function timeout()
debug.sethook() -- Clear hook debug.sethook() -- Clear hook
error("Code timed out!") error("Code timed out!", 2)
end end
local function code_prohibited(code) local function code_prohibited(code)
-- LuaJIT doesn't increment the instruction counter when running -- LuaJIT doesn't increment the instruction counter when running
-- loops, so we have to sanitize inputs if we're using LuaJIT. -- loops, so we have to sanitize inputs if we're using LuaJIT.
if not jit then if not rawget(_G, "jit") then
return false return false
end end
local prohibited = {"while", "for", "do", "repeat", "until", "goto"} local prohibited = {"while", "for", "repeat", "until", "goto"}
code = " "..code.." " code = " "..code.." "
for _, p in ipairs(prohibited) do for _, p in ipairs(prohibited) do
if string.find(code, "[^%w_]"..p.."[^%w_]") then if string.find(code, "[^%w_]"..p.."[^%w_]") then
@ -369,10 +379,26 @@ local function create_sandbox(code, env)
setfenv(f, env) setfenv(f, env)
return function(...) return function(...)
debug.sethook(timeout, "", 10000) -- Normal Lua: Use instruction counter to stop execution
-- after luacontroller_maxevents.
-- LuaJIT: Count function calls instead of instructions, allows usage
-- of function keyword. However, LuaJIT still doesn't trigger
-- lines events when using infinite loops.
local maxevents = mesecon.setting("luacontroller_maxevents", 10000)
if not rawget(_G, "jit") then
debug.sethook(timeout, "", maxevents)
else
local events = 0
debug.sethook(function ()
events = events + 1
if events > maxevents then
timeout()
end
end, "c")
end
local ok, ret = pcall(f, ...) local ok, ret = pcall(f, ...)
debug.sethook() -- Clear hook debug.sethook() -- Clear hook
if not ok then error(ret) end if not ok then error(ret, 0) end
return ret return ret
end end
end end