summaryrefslogtreecommitdiff
path: root/mesecons_luacontroller
AgeCommit message (Collapse)Author
2018-01-22Improve LuaController security (#393)20kdc
Fixes: 1. Lack of 'safe' on minetest.deserialize usage 2. String sandbox bypass via (""):evil() 3. Loss of upcoming digilines messages on server shutdown 4. LCs failing to show information on some errors 5. Interrupt IDs as infinite data storage
2018-01-13Limit and optimize digiline_send (#379)Christopher Head
* Close vulnerability and optimize digiline_send `digiline_send` as it previously existed was vulnerable to a time-of-check-to-time-of-use vulnerability in which a table could be sent, size-checked, and then modified after the send but before delivery. This would allow larger tables to be sent. It was also slow because it called `minetest.serialize`. Fix both of these by implementing custom message cleanup logic which simultaneously computes the message’s cost. * Clean up interaction with Digilines Use `minetest.global_exists` to avoid an undefined global variable warning when operating a Luacontroller with Digilines not available. Use the new `digilines` table in preference to the old `digiline` table. * Copy received messages When a Digiline message is received at a Luacontroller, copy it so that local modifications made by the Luacontroller code will not modify copies of the table that are being passed to other nodes on the Digiline network.
2017-11-01Set is_ground_content to false (#386)DS
2017-10-18Publish some LuaC API (#348)Vitaliy
2017-10-07Handle blasts (#356)DS
2017-05-08Fix crash when error()ing an invalid valuenumber Zero
See #337 for details.
2017-05-08Make LuaC formspec bigger (#338)DS
2017-04-14Improve overheating (#334)numberZero
New overheating system that doesn’t use the meta.
2017-03-07Spell-check and clarify item namesWuzzy
* Fix inconsistent insulated mesecon names * Clarify lightstone names * Rename meselamp to "Mesecon Lamp" * Use capitalization "Luacontroller" consistently * Cleanup / improvements for logic gate naming
2017-01-15Luacontroller: Revert function stripping from digiline messagesJeija
2016-12-28Luacontroller: Restrict digiline messagesJeija
Restrict maximum length of messages to 50.000 characters and disable sending functions or table references over the wire. Restrict types of channel variable to string, number or boolean. The missing length restriction made DoS-like attacks possible by overflowing memory using string concatenation. Thanks to gamemanj for disclosing this issue.
2016-08-16Remove an obsolete comment.Christopher Head
2016-05-17Add protection support to Luacontrollers,Carter Kolwey
protection is ignored with protection_bypass_priv
2016-04-26Luacontroller: Fix `remove_functions` stack overflow bugelectrodude
2016-04-02Disable JIT optimization for user code and allow string.find in plain modePedro Gimeno
Disabling LuaJIT for user code enables normal working of debug.sethook() even for loops. The drawback is that that code will run more slowly. The fourth parameter of string.find indicates whether the second parameter should be interpreted literally (true) or as a pattern (false). Allowing patterns enables DoS attacks, but it's possible to allow literal matching with little effort, by disallowing the function only if the fourth parameter (plain mode) is not `true`.
2016-03-14Luacontroller: Put clearing debug hook before throwing error back inJeija
2016-03-13Luacontroller: Add safe version of string.rep and remove string.gsub,Jeija
fixes #255
2016-03-13Luacontroller: Fix function usage in LuaJIT, make 'do' no longerorigin/luacontroller_jit_functionsJeija
prohibited, remove pcall and xpcall, fix global lookup of "jit" variable, correct error locations Thanks to @ShadowNinja and @gamemanj for fixing this in #241
2016-01-02Add os.datetable(), a (very) limited wrapper for os.date(). Fixes #246.Carter Kolwey
2015-11-20Major change: Documentation is now included with mesecons, the website just ↵Jeija
extracts the documentation in a more readable format This makes development of new features easier, as documentation can automatically be updated on the website without modifying the website's code! Every mod that has nodes in the mesecons modpack has a "doc" folder that contains subfolders with recipe, description and preview of the block. The website will discover which documentation is available by reading the documentation.json file.
2015-10-18Luacontroller: Add configurable size limit for mem table, 100kBytes by ↵Jeija
default, fixes #240 If size limit is exceeded, the luacontroller overheats. Overheating will cause the memory to be erased.
2015-10-04Remove trailing whitespaceJeija
2014-12-20Fix #196, removes soft-depend on commonlibJeija
2014-11-29Don't trigger an "off" event to itself when luacontroller turns a port offJeija
I hope this doesn't break anyone's setup.
2014-11-25Fix luacontroller: attempt to perform arithmetic on global 'print_count' (a ↵Jeija
nil value)
2014-11-25Merge branch 'improve-luacontroller'Jeija
However, without the print_count limiting functionality Conflicts: mesecons_luacontroller/init.lua
2014-11-23Fix luacontroller interrupts not working if no iid is suppliedJeija
2014-11-22Fix burnt luacontroller, nodebox + crashorigin/improve-luacontrollerJeija
2014-11-22Merge branch 'improve-luacontroller' of ↵Jeija
https://github.com/ShadowNinja/minetest-mod-mesecons into ShadowNinja-improve-luacontroller Conflicts: mesecons/legacy.lua mesecons_luacontroller/init.lua mesecons_microcontroller/init.lua
2014-11-22Re-implement settings system:Jeija
Settings can now be retrieved by mesecon.setting(<name>, <default>) and can be modified without editing the source code by adding the setting to minetest.conf For instance, you can add mesecon.blinky_plant_interval = 0.5 to minetest.conf in order to increase the blinking speed. Rewrite the blinky plant with nodetimers. Fixes #161
2014-11-22Replace mesecon:<some_function> with mesecon.<some_function> for greaterJeija
flexibility and because it was never inteded to be OOP in the first place. mesecon.receptor_on and mesecon.receptor_off are provided by wrappers (mesecon:receptor_on/off) for compatibility, but will be removed. Mod programmers that use mesecons: Please update! Also, fix microcontroller polluting the global namespace and remove some deprecated stuff.
2014-11-22Use an iterative algorithm for turnon() and turnoff(), fixes #160Jeija
This may also bring some performance benefit.
2014-11-21Fix #184, Fix #186, Fix #187Jeija
Just some minor issues like dead code.
2014-10-07Improve the LuaControllerShadowNinja
Changes: * Stops code after a certain number of instructions. * Allows functions, due to instruction counting. * Allows loops and goto with non-JIT Lua (LuaJIT doesn't count looping as an instruction, allowing infinite loops), due to instruction counting. * Removes string matching functions as they can be slow. * Adds some safe functions. * Limits the amount of printing that can be done (to prevent console flooding). * Code cleanup. * More...
2014-04-20Fix #155 (option 2 used). Remove non-ActionQueue system. Enable overheat for ↵Jeija
more than 20 actions per second on lua- / microcontrollers and gates. Fix a bug where a burnt luacontroller didn't have the correct pin-states as the burnt controller does not register any changes from outside.
2014-03-19Fix #83 (experimental)Jeija
Why did we actually put the update action in a queue again? Whatever issue it that was for, I couldn't reproduce it. Propably the ActionQueue fixed that...?
2014-03-19Remove timer() from LuaController and make interrupt() use the ActionQueue ↵Jeija
so that it will keep working when restarting the server
2014-03-19Improve and clean up luacontroller digiline_send on globalstep featureJeija
2014-03-16Merge branch 'digiline-non-reentrant' of ↵Jeija
https://github.com/CiaranG/minetest-mod-mesecons into CiaranG-digiline-non-reentrant Conflicts: mesecons_luacontroller/init.lua
2014-03-16Merge pull request #152 from CiaranG/timerJeija
Add timer() function/event (node timer based) to luacontroller
2014-03-11Add timer() function/event (node timer based) to luacontrollerCiaran Gultnieks
This adds a timer(<seconds>) function, which causes an event of type "timer" to be fired after that many seconds has elapsed. Because it's node timer based, it works properly across server restarts and block unloading. Thus, simplest example, a blinky plant replacement with a 10 second period: if event.type == "program" then timer(10) elseif event.type == "timer" then port.a = not port.a timer(10) end
2014-03-11Handle luacontroller formspec events correctlyCiaran Gultnieks
Example of problem fixed by this: Edit lua code, press Execute. Now (execute button has focus), hold down a key. Zillions of "program" events are generated.
2014-03-11Send digiline messages after luacontroller executionCiaran Gultnieks
In the same way as for port settings, this queues up digiline messages sent during the luacontroller's execution, and sends them afterwards. This solves many problems, but one example: 1. Send a message, and receive a reply from another device. 2. While handling the reply event (effectively a nested invocation on the same luacontroller) make a change to memory 3. Notice that the memory change has no effect, because after completion of the reply handling, it stores the memory, but then the original invocation completes and overwrites it with it's own earlier copy of the same memory.
2014-02-16Add missing string.upper to luacontrollerCiaran Gultnieks
2014-01-19Merge branch 'actionqueue'Jeija
This introduces the ActionQueue, a new kind of MESECONS_GLOBALSTEP. Circuits using delayers will now resume when restarting the server. Also, large circuits should automatically resume if parts of them are in unloaded chunks. Old circuits e.g. using gates will not resume when mesecons is updated, which means you have to restart them once. But after that, it should work just like it used to. This will fix a lot of stuff but may also introduce some new bugs. So please report them!
2014-01-11Try to fix gateswith serverstep code.Novatux
2014-01-10Move textures into their modsShadowNinja
2013-12-18Change field receipt handling to work properly with Minetest 0.4.8.Uberi
2013-11-30Update code to standards of Minetest 0.4.8.Uberi
2013-11-30Use minetest.swap_node() instead of mesecons' version, Minor code changesVanessa Ezekowitz
here and there to facilitate this.