Commit Graph

30 Commits

Author SHA1 Message Date
sfan5
74762470b2 Fix some minor code issues all over the place 2020-12-24 13:44:54 +01:00
luk3yx
61a196378f
Fix CSMs on arm64 (#10553) 2020-10-25 18:01:39 +01:00
sfan5
659245acc7
Work around LuaJIT issues on aarch64 (#9614)
- Move the text segment below the 47-bit limit, needed for script_exception_wrapper which must be lightuserdata
- Replace CUSTOM_RIDX_SCRIPTAPI with full userdata
2020-04-08 20:14:08 +02:00
sfan5
82a2e02323 Load client mods into memory before execution.
Preperation for server-sent CSM which will eventually need this.
2019-11-09 16:08:38 +01:00
sfan5
5ab546f99b Refactor loading of Lua code with mod security 2019-11-09 16:08:38 +01:00
SmallJoker
b0baa698a4 CSM: Fix itemstack:get_meta() 'metadata' indexing error 2019-09-14 19:42:30 +02:00
SmallJoker
23677be951 Load CSM environment after the restrictions are known
Safety-guards for CSM callbacks to abort on a bad implementation
Only run callbacks when the mods are loaded (and with it: builtin)

Duplication checks inside constructors
2019-09-14 19:42:25 +02:00
y
ecd20de64d Removed debug.upvaluejoin to prevent leak of insecure environment 2019-07-24 11:43:09 +02:00
Quentin Bazin
5f1cd555cd Move client-specific files to 'src/client' (#7902)
Update Android.mk
Remove 'src/client' from include_directories
2018-11-28 20:01:49 +01:00
Loïc Blot
eef62c82a2
Modernize lua read (part 2 & 3): C++ templating assurance (#7410)
* Modernize lua read (part 2 & 3): C++ templating assurance

Implement the boolean reader
Implement the string reader
Also remove unused & unimplemented script_error_handler
Add a reader with default value
2018-06-30 17:11:38 +02:00
red-001
1e94a7feaf Move setlocale from Lua to C++. 2018-02-08 15:38:34 +01:00
Loïc Blot
1c1c97cbd1 Modernize source code: last part (#6285)
* Modernize source code: last par

* Use empty when needed
* Use emplace_back instead of push_back when needed
* For range-based loops
* Initializers fixes
* constructors, destructors default
* c++ C stl includes
2017-08-20 13:30:50 +02:00
red-001
f3ad75691a Create a filesystem abstraction layer for CSM and only allow accessing files that are scanned into it. (#5965)
* Load client-side mods into memory before executing them.

This removes the remaining filesystem access that client-sided mods had and it will hopefully make then more secure.

* Lua Virtual filesystem: don't load the files into memory just scan the filenames into memory.

* Fix the issues with backtrace

* fix most of the issues

* fix code style.

* add a comment
2017-06-30 20:14:39 +02:00
Auke Kok
97988a1044 Plug two minor Leaks (#5603)
* Resource leak: CHECK_FILE_ERR returns, without freeing chunk_name.

Found with static analysis.

* Resource leak: leaks `page` on error path.

Found with static analysis.
2017-04-17 09:04:58 +02:00
red-001
2e3778ec0c Block access to the io library 2017-03-19 12:34:33 +01:00
red-001
a50d07d39a [CSM] Improve security for client-sided mods (#5100) 2017-03-13 23:56:05 +01:00
Loic Blot
2efae3ffd7 [CSM] Client side modding
* rename GameScripting to ServerScripting
* Make getBuiltinLuaPath static serverside
* Add on_shutdown callback
* Add on_receiving_chat_message & on_sending_chat_message callbacks
* ScriptApiBase: use IGameDef instead of Server
  This permits to share common attribute between client & server
* Enable mod security in client side modding without conditions
2017-03-13 23:56:05 +01:00
Loïc Blot
39123fcce5 Remove os.exit from the Lua secure sandbox (#5090)
os.exit will exit not using proper resource liberation paths.

Mods should call the proper exit mod using our API
2017-01-21 22:05:54 +01:00
ShadowNinja
0f0502109e Security: Fix resolving of some relative paths
Trying to resolve a path with RemoveRelativePathComponents that can't
be resolved without leaving leading parent components (e.g. "../worlds/foo"
or "bar/../../worlds/foo") will fail.  To work around this, we leave
the relative components and simply remove the trailing components one
at a time, and bail out when we find a parent component.  This will
still fail for paths like "worlds/foo/noexist/../auth.txt" (the path
before the last parent component must not exist), but this is fine
since you won't be able to open a file with a path like that anyways
(the O.S. will determine that the path doesn't exist.
Try `cat /a/../etc/passwd`).
2016-12-20 17:17:38 +10:00
ShadowNinja
59f84ca0a0 Mod security: Allow read-only access to all mod paths 2016-12-20 06:34:04 +00:00
ShadowNinja
3af5eef964 Fix secure io.lines
It used to drop all of the return values from the
insecure version of the function.
2016-11-24 10:10:20 -05:00
ShadowNinja
9e10f9f49a Fix secure io.open without mode 2016-11-24 09:58:21 -05:00
Zeno-
b5c84c34ce Fix memory leak in ::safeLoadFile (#4730) 2016-11-05 15:10:49 +10:00
David Carlier
48b3bb980d couple of memory leaks fixes. 2016-08-10 16:59:32 +02:00
Zeno-
a9bc7dc405 Remove unused code in s_security.cpp (#4172)
Note that the macro CHECK_FILE_ERR implements the code removed
2016-05-30 22:37:40 +10:00
ShadowNinja
abd4a79acb Remove debug.getupvalue from the Lua sandbox whitelist
This function could be used to steal insecure environments from trusted mods.
2016-03-03 00:09:05 -05:00
Kahrl
8658c8d9b5 Use numeric indices and raw table access with LUA_REGISTRYINDEX 2015-08-27 01:56:06 +02:00
est31
502e40a649 dofile error reporting for syntax errors
According to doc, dofile() raises an error when parsing failed due to syntax errors.
Fixes #2775
2015-06-12 20:23:31 +02:00
SmallJoker
39869aaa25 Fix Windows build, clean up included headers
Also fix a startup error caused by s_security.cpp
2015-05-22 20:37:59 +02:00
ShadowNinja
3a8c788880 Add mod security
Due to compatibility concerns, this is temporarily disabled.
2015-05-16 18:32:31 -04:00