| author | Jeija <norrepli@gmail.com> | 2016-03-13 22:01:46 +0100 | 
|---|---|---|
| committer | Jeija <norrepli@gmail.com> | 2016-03-13 22:01:46 +0100 | 
| commit | 1e77b193ddaaabc66a164c0213ea58559d2d863a (patch) | |
| tree | 509fdf89fbe175715fa72b5b3220f286b0ad6830 /mesecons_luacontroller | |
| parent | 08b14e3af0384bf23de3fa976ae94e212819218e (diff) | |
Luacontroller: Add safe version of string.rep and remove string.gsub,
fixes #255
Diffstat (limited to 'mesecons_luacontroller')
| -rw-r--r-- | mesecons_luacontroller/init.lua | 14 | 
1 files changed, 11 insertions, 3 deletions
|
diff --git a/mesecons_luacontroller/init.lua b/mesecons_luacontroller/init.lua
index 2aa4328..7d15e30 100644
--- a/mesecons_luacontroller/init.lua
+++ b/mesecons_luacontroller/init.lua
@@ -205,6 +205,16 @@ local function safe_date()
 	return(os.date("*t",os.time()))
 end
+-- string.rep(str, n) with a high value for n can be used to DoS
+-- the server. Therefore, limit max. length of generated string.
+local function safe_string_rep(str, n)
+	if #str * n > mesecon.setting("luacontroller_string_rep_max", 64000) then
+		error("string.rep: string length overflow", 2)
+	end
+
+	return string.rep(str, n)
+end
+
 local function remove_functions(x)
 	local tp = type(x)
 	if tp == "table" then
@@ -275,11 +285,10 @@ local function create_environment(pos, mem, event)
 			byte = string.byte,
 			char = string.char,
 			format = string.format,
-			gsub = string.gsub,
 			len = string.len,
 			lower = string.lower,
 			upper = string.upper,
-			rep = string.rep,
+			rep = safe_string_rep,
 			reverse = string.reverse,
 			sub = string.sub,
 		},
@@ -339,7 +348,6 @@ end
 local function timeout()
-	debug.sethook()  -- Clear hook
 	error("Code timed out!", 2)
 end
|
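Review bot: `safe_string_rep` computes `#str * n` before looking at its arguments, so a non-string `str` or non-numeric `n` fails inside the helper with an internal "attempt to get length / perform arithmetic" error rather than the intended level-2 message. Note that `string.rep` itself accepts a number as first argument, so this is also a small behaviour change for existing programs. A guard at the top such as `if type(str) ~= "string" or type(n) ~= "number" then error("string.rep: bad arguments", 2) end` would keep the failure mode uniform. The header comment could also name the `luacontroller_string_rep_max` setting and its 64000 default, and state that the cap applies to the result of each call, not to the total memory a program may hold.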
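Review bot: The `string` whitelist now omits `gsub` with nothing in the code recording why, so a later cleanup could re-add it; a comment next to the table such as `-- gsub deliberately not exposed, see #255` would keep the decision visible. Separately, this table only governs lookups through the sandbox's `string` global. Whether method-call syntax on string values resolves to this whitelist or to the real `string` library depends on the string metatable, which this hunk does not show, so it is worth confirming that path goes through `safe_string_rep` as well. The body of `create_environment` starts and ends outside the hunk.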
