mesecons/mesecons_luacontroller, branch 2017.03.05

mesecons/mesecons_luacontroller, branch 2017.03.05 Unnamed repository; edit this file 'description' to name the repository. http://git.linux-forks.de/mesecons/atom?h=2017.03.05 2017-01-15T19:11:12+00:00 Luacontroller: Revert function stripping from digiline messages 2017-01-15T19:11:12+00:00 Jeija norrepli@gmail.com 2017-01-15T19:11:12+00:00 urn:sha1:54daee236e680fa79b2dd31e812f7e063887a0bf Luacontroller: Restrict digiline messages 2016-12-28T09:07:59+00:00 Jeija norrepli@gmail.com 2016-12-28T09:07:59+00:00 urn:sha1:703e6fdadb5251b6f42e35f0f71f3094f5e15f75 Restrict maximum length of messages to 50.000 characters and disable sending functions or table references over the wire. Restrict types of channel variable to string, number or boolean. The missing length restriction made DoS-like attacks possible by overflowing memory using string concatenation. Thanks to gamemanj for disclosing this issue. Remove an obsolete comment. 2016-08-16T07:16:24+00:00 Christopher Head chead@chead.ca 2016-08-16T07:16:24+00:00 urn:sha1:53eaf2af1113d5ec3aa5f4fb50650d2b181a8d26 Add protection support to Luacontrollers, 2016-05-17T05:58:50+00:00 Carter Kolwey cheapiephp@gmail.com 2016-05-16T17:55:58+00:00 urn:sha1:40487a65f47cd42595417ab434a9b5a97a496a3e protection is ignored with protection_bypass_priv Luacontroller: Fix `remove_functions` stack overflow bug 2016-04-26T18:40:12+00:00 electrodude electrodude512@gmail.com 2016-04-20T22:09:38+00:00 urn:sha1:6cae381c2788d2e4061c530cc143ca38bd0862e3 Disable JIT optimization for user code and allow string.find in plain mode 2016-04-02T15:31:40+00:00 Pedro Gimeno pgimeno@email.fake 2016-03-14T13:29:34+00:00 urn:sha1:b487783c239d75338254ae8bc7250ba6141d67a6 Disabling LuaJIT for user code enables normal working of debug.sethook() even for loops. The drawback is that that code will run more slowly. The fourth parameter of string.find indicates whether the second parameter should be interpreted literally (true) or as a pattern (false). Allowing patterns enables DoS attacks, but it's possible to allow literal matching with little effort, by disallowing the function only if the fourth parameter (plain mode) is not `true`. Luacontroller: Put clearing debug hook before throwing error back in 2016-03-14T11:51:57+00:00 Jeija norrepli@gmail.com 2016-03-14T11:51:57+00:00 urn:sha1:72e513ecbdf8273c89d8a79b518d9d0fbedb3f90 Luacontroller: Add safe version of string.rep and remove string.gsub, 2016-03-13T21:01:46+00:00 Jeija norrepli@gmail.com 2016-03-13T21:01:46+00:00 urn:sha1:1e77b193ddaaabc66a164c0213ea58559d2d863a fixes #255 Luacontroller: Fix function usage in LuaJIT, make 'do' no longer 2016-03-13T20:16:16+00:00 Jeija norrepli@gmail.com 2016-03-13T12:43:55+00:00 urn:sha1:08b14e3af0384bf23de3fa976ae94e212819218e prohibited, remove pcall and xpcall, fix global lookup of "jit" variable, correct error locations Thanks to @ShadowNinja and @gamemanj for fixing this in #241 Add os.datetable(), a (very) limited wrapper for os.date(). Fixes #246. 2016-01-02T07:13:38+00:00 Carter Kolwey cheapiephp@gmail.com 2016-01-02T07:13:38+00:00 urn:sha1:35b647ed4a885e0aadcbd6e07e63a1a401566f91