Skip to content
Permalink
Browse files

Make sure #160 cannot be exploited to make servers crash.

This is not exactly a fix for the issue, because extremely
large circuits (3000+ conductors) still won't work with this applied.
This simply aborts any execution if there is the danger of a stack overflow.
  • Loading branch information...
Jeija
Jeija committed Jun 1, 2014
1 parent b64fea4 commit e5896076fe35f335794c0136cb12768109ad6fea
Showing with 8 additions and 2 deletions.
  1. +6 −2 mesecons/internal.lua
  2. +2 −0 mesecons/settings.lua
@@ -367,6 +367,7 @@ end

function mesecon:turnon(pos, rulename, recdepth)
recdepth = recdepth or 2
if (recdepth > STACK_SIZE) then return end
local node = minetest.get_node(pos)

if(node.name == "ignore") then
@@ -417,6 +418,7 @@ end)

function mesecon:turnoff(pos, rulename, recdepth)
recdepth = recdepth or 2
if (recdepth > STACK_SIZE) then return end
local node = minetest.get_node(pos)

if(node.name == "ignore") then
@@ -477,7 +479,9 @@ function mesecon:connected_to_receptor(pos, rulename)
return false
end

function mesecon:find_receptor_on(pos, checked, rulename)
function mesecon:find_receptor_on(pos, checked, rulename, recdepth)
recdepth = recdepth or 2
if (recdepth > STACK_SIZE) then return true end -- ignore request
local node = minetest.get_node(pos)

if mesecon:is_receptor_on(node.name) then
@@ -501,7 +505,7 @@ function mesecon:find_receptor_on(pos, checked, rulename)
local rulenames = mesecon:rules_link_rule_all_inverted(pos, rule)
for _, rname in ipairs(rulenames) do
local np = mesecon:addPosRule(pos, rname)
if mesecon:find_receptor_on(np, checked, mesecon:invertRule(rname)) then
if mesecon:find_receptor_on(np, checked, mesecon:invertRule(rname), recdepth + 1) then
return true
end
end
@@ -10,3 +10,5 @@ MESECONS_RESUMETIME = 4 -- time to wait when starting the server before
OVERHEAT_MAX = 20 -- maximum heat of any component that directly sends an output
-- signal when the input changes (e.g. luacontroller, gates)
-- Unit: actions per second, checks are every 1 second
STACK_SIZE = 3000 -- Recursive functions will abort when this is reached. Therefore,
-- this is also limits the maximum circuit size.

0 comments on commit e589607

Please sign in to comment.
You can’t perform that action at this time.