From 8b01d7bcb59fe162e84011722472835dab8de128 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 8 Aug 2018 18:02:01 +0300 Subject: [PATCH 1/4] Enable safe Os functions --- Server/mods/deathmatch/logic/lua/CLuaMain.cpp | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Server/mods/deathmatch/logic/lua/CLuaMain.cpp b/Server/mods/deathmatch/logic/lua/CLuaMain.cpp index c168c731db..fa41316ee4 100644 --- a/Server/mods/deathmatch/logic/lua/CLuaMain.cpp +++ b/Server/mods/deathmatch/logic/lua/CLuaMain.cpp @@ -172,6 +172,23 @@ void CLuaMain::InitVM(void) luaopen_table(m_luaVM); luaopen_debug(m_luaVM); luaopen_utf8(m_luaVM); + luaopen_os(m_luaVM); + + // Disable dangerous Lua Os library functions + lua_getglobal(m_luaVM, "os"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "execute"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "rename"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "remove"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "exit"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "getenv"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "tmpname"); + lua_pop(m_luaVM, 1); // Initialize security restrictions. Very important to prevent lua trojans and viruses! InitSecurity(); From 548a1a39593500375a58ad0d298872f27519ef56 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 8 Aug 2018 18:30:15 +0300 Subject: [PATCH 2/4] Enable safe Os functions --- Client/mods/deathmatch/logic/lua/CLuaMain.cpp | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Client/mods/deathmatch/logic/lua/CLuaMain.cpp b/Client/mods/deathmatch/logic/lua/CLuaMain.cpp index dc5c873006..7c792003de 100644 --- a/Client/mods/deathmatch/logic/lua/CLuaMain.cpp +++ b/Client/mods/deathmatch/logic/lua/CLuaMain.cpp @@ -73,6 +73,22 @@ void CLuaMain::ResetInstructionCount(void) void CLuaMain::InitSecurity(void) { + // Disable dangerous Lua Os library functions + lua_getglobal(m_luaVM, "os"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "execute"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "rename"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "remove"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "exit"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "getenv"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "tmpname"); + lua_pop(m_luaVM, 1); + lua_register(m_luaVM, "dofile", CLuaUtilDefs::DisabledFunction); lua_register(m_luaVM, "loadfile", CLuaUtilDefs::DisabledFunction); lua_register(m_luaVM, "require", CLuaUtilDefs::DisabledFunction); @@ -141,6 +157,7 @@ void CLuaMain::InitVM(void) luaopen_table(m_luaVM); luaopen_debug(m_luaVM); luaopen_utf8(m_luaVM); + luaopen_os(m_luaVM); // Initialize security restrictions. Very important to prevent lua trojans and viruses! InitSecurity(); From 632282642faa175732713072a2bce7868ac0c2d8 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 8 Aug 2018 18:32:04 +0300 Subject: [PATCH 3/4] Move Os function removals to InitSecurity --- Server/mods/deathmatch/logic/lua/CLuaMain.cpp | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/Server/mods/deathmatch/logic/lua/CLuaMain.cpp b/Server/mods/deathmatch/logic/lua/CLuaMain.cpp index fa41316ee4..64a36f12df 100644 --- a/Server/mods/deathmatch/logic/lua/CLuaMain.cpp +++ b/Server/mods/deathmatch/logic/lua/CLuaMain.cpp @@ -108,6 +108,22 @@ void CLuaMain::ResetInstructionCount(void) void CLuaMain::InitSecurity(void) { + // Disable dangerous Lua Os library functions + lua_getglobal(m_luaVM, "os"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "execute"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "rename"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "remove"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "exit"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "getenv"); + lua_pushnil(m_luaVM); + lua_setfield(m_luaVM, -2, "tmpname"); + lua_pop(m_luaVM, 1); + lua_register(m_luaVM, "dofile", CLuaUtilDefs::DisabledFunction); lua_register(m_luaVM, "loadfile", CLuaUtilDefs::DisabledFunction); lua_register(m_luaVM, "require", CLuaUtilDefs::DisabledFunction); @@ -174,22 +190,6 @@ void CLuaMain::InitVM(void) luaopen_utf8(m_luaVM); luaopen_os(m_luaVM); - // Disable dangerous Lua Os library functions - lua_getglobal(m_luaVM, "os"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "execute"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "rename"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "remove"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "exit"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "getenv"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "tmpname"); - lua_pop(m_luaVM, 1); - // Initialize security restrictions. Very important to prevent lua trojans and viruses! InitSecurity(); From 944c01bcc5102a5715d77228ec42baf9653ce7cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabrielius=20Laurinavi=C4=8Dius?= Date: Thu, 16 Aug 2018 08:34:30 +0300 Subject: [PATCH 4/4] Set disabled Os functions to CLuaUtilDefs::DisabledFunction --- Client/mods/deathmatch/logic/lua/CLuaMain.cpp | 25 ++++++++----------- Server/mods/deathmatch/logic/lua/CLuaMain.cpp | 25 ++++++++----------- 2 files changed, 22 insertions(+), 28 deletions(-) diff --git a/Client/mods/deathmatch/logic/lua/CLuaMain.cpp b/Client/mods/deathmatch/logic/lua/CLuaMain.cpp index 7c792003de..3128f3faef 100644 --- a/Client/mods/deathmatch/logic/lua/CLuaMain.cpp +++ b/Client/mods/deathmatch/logic/lua/CLuaMain.cpp @@ -74,20 +74,17 @@ void CLuaMain::ResetInstructionCount(void) void CLuaMain::InitSecurity(void) { // Disable dangerous Lua Os library functions - lua_getglobal(m_luaVM, "os"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "execute"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "rename"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "remove"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "exit"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "getenv"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "tmpname"); - lua_pop(m_luaVM, 1); + static const luaL_reg osfuncs[] = + { + { "execute", CLuaUtilDefs::DisabledFunction }, + { "rename", CLuaUtilDefs::DisabledFunction }, + { "remove", CLuaUtilDefs::DisabledFunction }, + { "exit", CLuaUtilDefs::DisabledFunction }, + { "getenv", CLuaUtilDefs::DisabledFunction }, + { "tmpname", CLuaUtilDefs::DisabledFunction }, + { NULL, NULL } + }; + luaL_register(m_luaVM, "os", osfuncs); lua_register(m_luaVM, "dofile", CLuaUtilDefs::DisabledFunction); lua_register(m_luaVM, "loadfile", CLuaUtilDefs::DisabledFunction); diff --git a/Server/mods/deathmatch/logic/lua/CLuaMain.cpp b/Server/mods/deathmatch/logic/lua/CLuaMain.cpp index 64a36f12df..e3941708f0 100644 --- a/Server/mods/deathmatch/logic/lua/CLuaMain.cpp +++ b/Server/mods/deathmatch/logic/lua/CLuaMain.cpp @@ -109,20 +109,17 @@ void CLuaMain::ResetInstructionCount(void) void CLuaMain::InitSecurity(void) { // Disable dangerous Lua Os library functions - lua_getglobal(m_luaVM, "os"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "execute"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "rename"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "remove"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "exit"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "getenv"); - lua_pushnil(m_luaVM); - lua_setfield(m_luaVM, -2, "tmpname"); - lua_pop(m_luaVM, 1); + static const luaL_reg osfuncs[] = + { + { "execute", CLuaUtilDefs::DisabledFunction }, + { "rename", CLuaUtilDefs::DisabledFunction }, + { "remove", CLuaUtilDefs::DisabledFunction }, + { "exit", CLuaUtilDefs::DisabledFunction }, + { "getenv", CLuaUtilDefs::DisabledFunction }, + { "tmpname", CLuaUtilDefs::DisabledFunction }, + { NULL, NULL } + }; + luaL_register(m_luaVM, "os", osfuncs); lua_register(m_luaVM, "dofile", CLuaUtilDefs::DisabledFunction); lua_register(m_luaVM, "loadfile", CLuaUtilDefs::DisabledFunction);