Protect a few more settings from being set from mods

Of those settings, main_menu_script has a concrete security impact; the rest are added out of an abundance of caution.
sfan5 2022-05-25 19:07:49 +02:00
parent bccaf5fc2d
commit da71e86633

@ -27,9 +27,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include "log.h" #include "log.h"
/* This protects: /* This protects the following from being set:
* 'secure.*' settings from being set * 'secure.*' settings
* some mapgen settings from being set * some security-relevant settings
* (better solution pending)
* some mapgen settings
* (not security-criticial, just to avoid messing up user configs) * (not security-criticial, just to avoid messing up user configs)
*/ */
#define CHECK_SETTING_SECURITY(L, name) \ #define CHECK_SETTING_SECURITY(L, name) \
@ -41,7 +43,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
static inline int checkSettingSecurity(lua_State* L, const std::string &name) static inline int checkSettingSecurity(lua_State* L, const std::string &name)
{ {
if (ScriptApiSecurity::isSecure(L) && name.compare(0, 7, "secure.") == 0) if (ScriptApiSecurity::isSecure(L) && name.compare(0, 7, "secure.") == 0)
throw LuaError("Attempt to set secure setting."); throw LuaError("Attempted to set secure setting.");
bool is_mainmenu = false; bool is_mainmenu = false;
#ifndef SERVER #ifndef SERVER
@ -54,6 +56,17 @@ static inline int checkSettingSecurity(lua_State* L, const std::string &name)
return -1; return -1;
} }
const char *disallowed[] = {
"main_menu_script", "shader_path", "texture_path", "screenshot_path",
"serverlist_file", "serverlist_url", "map-dir", "contentdb_url",
};
if (!is_mainmenu) {
for (const char *name2 : disallowed) {
if (name == name2)
throw LuaError("Attempted to set disallowed setting.");
}
}
return 0; return 0;
} }
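Review bot: The `disallowed` array added to checkSettingSecurity is an exact-name denylist with no stated inclusion rule, so a path or URL setting introduced later stays writable by mods until someone remembers to extend this list. Until the "better solution" mentioned in the header comment lands, a comment above the array would help, for example `// settings that name a file, directory or URL the engine later loads or contacts; extend this list when adding such a setting`. The array is a non-static local and could be declared `static const char *const disallowed[] = {`. Naming the rejected key in the error, e.g. `throw LuaError("Attempted to set disallowed setting: " + name);`, would make blocked attempts easier to trace in logs. The function begins in an earlier hunk and part of its body is not shown on this page.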