LuaBlock: store md5 checksums

This avoids changing the LuaBlock code by setting its metadata.
This commit is contained in:
upsilon 2017-06-02 14:51:10 +02:00
parent 8cac3f8f70
commit 180167110f
No known key found for this signature in database
GPG Key ID: A80DAE1F266E1C3C
4 changed files with 46 additions and 0 deletions

3
.gitmodules vendored Normal file

@ -0,0 +1,3 @@
[submodule "moremesecons_luablock/md5_lua"]
path = moremesecons_luablock/md5_lua
url = https://github.com/kikito/md5.lua.git

@ -1 +1,2 @@
mesecons mesecons
moremesecons_utils

@ -1,3 +1,39 @@
local hash_table
local md5
local storage
if minetest.get_mod_storage then
md5 = dofile(minetest.get_modpath(minetest.get_current_modname()).."/md5_lua/md5.lua")
storage = minetest.get_mod_storage()
hash_table = minetest.deserialize(storage:get_string("hash_table")) or {}
else
minetest.log("warning", "[moremesecons_luablock] Your version of Minetest does not provide a mod storage API. The mod storage allows moremesecons_luablock to store md5 checksums, which avoids some potential security breaches.")
end
local function set_md5(pos, code)
if not hash_table then
return
end
vector.set_data_to_pos(hash_table, pos.z,pos.y,pos.x, md5.sum(code))
storage:set_string("hash_table", minetest.serialize(hash_table))
end
local function check_md5(pos, code)
if not hash_table then
return true
end
local stored_sum = vector.get_data_from_pos(hash_table, pos.z,pos.y,pos.x)
if not stored_sum then
-- Legacy
set_md5(pos, code)
return true
end
if md5.sum(code) ~= stored_sum then
return false
end
return true
end
local function make_formspec(meta, pos) local function make_formspec(meta, pos)
local code = meta:get_string("code") local code = meta:get_string("code")
local errmsg = minetest.formspec_escape(meta:get_string("errmsg")) local errmsg = minetest.formspec_escape(meta:get_string("errmsg"))
@ -74,6 +110,7 @@ minetest.register_node("moremesecons_luablock:luablock", {
end end
meta:set_string("code", fields.code) meta:set_string("code", fields.code)
set_md5(pos, fields.code)
make_formspec(meta, pos) make_formspec(meta, pos)
end, end,
can_dig = function(pos, player) can_dig = function(pos, player)
@ -87,6 +124,10 @@ minetest.register_node("moremesecons_luablock:luablock", {
if code == "" then if code == "" then
return return
end end
if not check_md5(npos, code) then
minetest.log("warning", "[moremesecons_luablock] Code of LuaBlock at pos "..minetest.pos_to_string(npos).." does not match with its md5 checksum!")
return
end
-- We do absolutely no check there. -- We do absolutely no check there.
-- There is no limitation in the number of instruction the LuaBlock can execute -- There is no limitation in the number of instruction the LuaBlock can execute
-- or the usage it can make of loops. -- or the usage it can make of loops.

@ -0,0 +1 @@
Subproject commit e8cd75ce397da6dd75ddb37cb07eb31663743223