Protect a few more settings from being set from mods
Of those settings main_menu_script has concrete security impact, the rest are added out of abundance of caution.
This commit is contained in:
parent
36883505da
commit
735b01bd5f
@ -26,9 +26,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
|
||||||
|
|
||||||
/* This protects:
|
/* This protects the following from being set:
|
||||||
* 'secure.*' settings from being set
|
* 'secure.*' settings
|
||||||
* some mapgen settings from being set
|
* some security-relevant settings
|
||||||
|
* (better solution pending)
|
||||||
|
* some mapgen settings
|
||||||
* (not security-criticial, just to avoid messing up user configs)
|
* (not security-criticial, just to avoid messing up user configs)
|
||||||
*/
|
*/
|
||||||
#define CHECK_SETTING_SECURITY(L, name) \
|
#define CHECK_SETTING_SECURITY(L, name) \
|
||||||
@ -40,7 +42,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||||||
static inline int checkSettingSecurity(lua_State* L, const std::string &name)
|
static inline int checkSettingSecurity(lua_State* L, const std::string &name)
|
||||||
{
|
{
|
||||||
if (ScriptApiSecurity::isSecure(L) && name.compare(0, 7, "secure.") == 0)
|
if (ScriptApiSecurity::isSecure(L) && name.compare(0, 7, "secure.") == 0)
|
||||||
throw LuaError("Attempt to set secure setting.");
|
throw LuaError("Attempted to set secure setting.");
|
||||||
|
|
||||||
bool is_mainmenu = false;
|
bool is_mainmenu = false;
|
||||||
#ifndef SERVER
|
#ifndef SERVER
|
||||||
@ -53,6 +55,17 @@ static inline int checkSettingSecurity(lua_State* L, const std::string &name)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const char *disallowed[] = {
|
||||||
|
"main_menu_script", "shader_path", "texture_path", "screenshot_path",
|
||||||
|
"serverlist_file", "serverlist_url", "map-dir", "contentdb_url",
|
||||||
|
};
|
||||||
|
if (!is_mainmenu) {
|
||||||
|
for (const char *name2 : disallowed) {
|
||||||
|
if (name == name2)
|
||||||
|
throw LuaError("Attempted to set disallowed setting.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user