From b5db1b839ed4e62682c01e17e64e6acfd5dddd75 Mon Sep 17 00:00:00 2001
From: Perttu Ahola <celeron55@gmail.com>
Date: Fri, 19 Sep 2014 13:17:22 +0300
Subject: [PATCH] client: Improve Lua error handling and sandbox run_script()

---
 client/sandbox.lua | 22 ++++++++++++----------
 src/client/app.cpp | 17 ++++++++++-------
 2 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/client/sandbox.lua b/client/sandbox.lua
index 1f99e9d..c10a059 100644
--- a/client/sandbox.lua
+++ b/client/sandbox.lua
@@ -43,13 +43,22 @@ sandbox.require = function(name)
 end
 
 local function run_in_sandbox(untrusted_code, sandbox)
-	if untrusted_code:byte(1) == 27 then return nil, "binary bytecode prohibited" end
+	if untrusted_code:byte(1) == 27 then return false, "binary bytecode prohibited" end
 	local untrusted_function, message = loadstring(untrusted_code)
-	if not untrusted_function then return nil, message end
+	if not untrusted_function then return false, message end
 	setfenv(untrusted_function, sandbox)
 	return __buildat_pcall(untrusted_function)
 end
 
+function __buildat_run_in_sandbox(untrusted_code)
+	local status, err = run_in_sandbox(untrusted_code, sandbox)
+	if status == false then
+		log:error("Failed to run script:\n"..err)
+		return false
+	end
+	return true
+end
+
 function buildat:run_script_file(name)
 	local code = __buildat_get_file_content(name)
 	if not code then
@@ -57,12 +66,5 @@ function buildat:run_script_file(name)
 		return false
 	end
 	log:info("buildat:run_script_file("..name.."): #code="..#code)
-	local status, err = run_in_sandbox(code, sandbox)
-	--local status, err = run_in_sandbox(
-	--		[[buildat:Logger("foo"):info("Pihvi")]], sandbox)
-	if status == false then
-		log:error("Failed to run script:\n"..err)
-		return false
-	end
-	return true
+	return __buildat_run_in_sandbox(code)
 end
diff --git a/src/client/app.cpp b/src/client/app.cpp
index e56a8f1..bf8126a 100644
--- a/src/client/app.cpp
+++ b/src/client/app.cpp
@@ -315,14 +315,17 @@ struct CApp: public Polycode::EventHandler, public App
 
 	void run_script(const ss_ &script)
 	{
-		log_v(MODULE, "run_script(): script.size()=%zu", script.size());
+		log_v(MODULE, "run_script(): %s", cs(script));
 
-		// TODO: Security
-		int error = luaL_dostring(L, script.c_str());
-		if(error){
-			log_w(MODULE, "luaL_dostring: An error occurred: %s\n",
-					lua_tostring(L, -1));
-			lua_pop(L, 1);
+		lua_getfield(L, LUA_GLOBALSINDEX, "__buildat_run_in_sandbox");
+		lua_pushlstring(L, script.c_str(), script.size());
+		lua_call(L, 1, 1);
+		bool status = lua_toboolean(L, -1);
+		lua_pop(L, 1);
+		if(status == false){
+			log_w(MODULE, "run_script(): failed");
+		} else {
+			log_v(MODULE, "run_script(): succeeded");
 		}
 	}