client: Improve Lua error handling and sandbox run_script()

This commit is contained in:
Perttu Ahola 2014-09-19 13:17:22 +03:00
parent 20cf5c4390
commit b5db1b839e
2 changed files with 22 additions and 17 deletions

View File

@ -43,13 +43,22 @@ sandbox.require = function(name)
end end
local function run_in_sandbox(untrusted_code, sandbox) local function run_in_sandbox(untrusted_code, sandbox)
if untrusted_code:byte(1) == 27 then return nil, "binary bytecode prohibited" end if untrusted_code:byte(1) == 27 then return false, "binary bytecode prohibited" end
local untrusted_function, message = loadstring(untrusted_code) local untrusted_function, message = loadstring(untrusted_code)
if not untrusted_function then return nil, message end if not untrusted_function then return false, message end
setfenv(untrusted_function, sandbox) setfenv(untrusted_function, sandbox)
return __buildat_pcall(untrusted_function) return __buildat_pcall(untrusted_function)
end end
function __buildat_run_in_sandbox(untrusted_code)
local status, err = run_in_sandbox(untrusted_code, sandbox)
if status == false then
log:error("Failed to run script:\n"..err)
return false
end
return true
end
function buildat:run_script_file(name) function buildat:run_script_file(name)
local code = __buildat_get_file_content(name) local code = __buildat_get_file_content(name)
if not code then if not code then
@ -57,12 +66,5 @@ function buildat:run_script_file(name)
return false return false
end end
log:info("buildat:run_script_file("..name.."): #code="..#code) log:info("buildat:run_script_file("..name.."): #code="..#code)
local status, err = run_in_sandbox(code, sandbox) return __buildat_run_in_sandbox(code)
--local status, err = run_in_sandbox(
-- [[buildat:Logger("foo"):info("Pihvi")]], sandbox)
if status == false then
log:error("Failed to run script:\n"..err)
return false
end
return true
end end

View File

@ -315,14 +315,17 @@ struct CApp: public Polycode::EventHandler, public App
void run_script(const ss_ &script) void run_script(const ss_ &script)
{ {
log_v(MODULE, "run_script(): script.size()=%zu", script.size()); log_v(MODULE, "run_script(): %s", cs(script));
// TODO: Security lua_getfield(L, LUA_GLOBALSINDEX, "__buildat_run_in_sandbox");
int error = luaL_dostring(L, script.c_str()); lua_pushlstring(L, script.c_str(), script.size());
if(error){ lua_call(L, 1, 1);
log_w(MODULE, "luaL_dostring: An error occurred: %s\n", bool status = lua_toboolean(L, -1);
lua_tostring(L, -1));
lua_pop(L, 1); lua_pop(L, 1);
if(status == false){
log_w(MODULE, "run_script(): failed");
} else {
log_v(MODULE, "run_script(): succeeded");
} }
} }