[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: dostring and precompiled code
- From: Jean-Claude Wippler <jcw@...>
- Date: Mon, 5 Feb 2001 12:11:07 -0800
On Mon, Feb 5, 2001, Luiz Henrique de Figueiredo <lhf@tecgraf.puc-rio.br>
wrote:
>[...] If dostring accepted precompiled code, it might be possible to crash
>the host by feeding dostring with malicious code [...]
>
>Anyway, it's simple to change dostring to allow precompiled code: Just remove
>the two lines marked below from lbaselib.c:
>
> static int luaB_dostring (lua_State *L) {
> int oldtop = lua_gettop(L);
> size_t l;
> const char *s = luaL_check_lstr(L, 1, &l);
>| if (*s == '\27') /* binary files start with ESC... */
>| lua_error(L, "`dostring' cannot run pre-compiled code");
> return passresults(L, lua_dobuffer(L, s, l, luaL_opt_string(L, 2, s)),
>oldtop)
> ;
>}
Suggestion: please move those two lines to lua_dostring in lapi.c, since
that call cannot handle precompiled code with embedded null bytes.
In terms of what to do in C and what to do in Lua, my mantra is:
Make POLICY decisons scripted, write just INTERFACES in C
The reason is that this way one can provide maximum functionality, yet
use the scripting layer to alter/restrict the API when needed. An
(untested) example:
function dostring(s,...)
if strbyte(s)==27 then
error("`dostring' cannot run pre-compiled code")
end
return %dostring(s,arg[1])
end
-jcw
