[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Lua exposure to C vulnerabilities?
- From: Sean Conner <sean@...>
- Date: Sun, 18 Sep 2016 21:41:17 -0400
It was thus said that the Great Russell Haley once stated:
> Thank you that's really what I needed to know. I am writing everything in
> Lua so far but there are libraries I am using that rely on C such as
> luaxml and luasys (possibly to be replaced with cqueues). It made me
> curious as to the protection afforded me by the abstraction of calling C
> from Lua.
You still have to be careful to call the proper Lua functions. This
function may casue the program to crash:
int cancrash(lua_State *L)
{
lua_pushinteger(L,strlen(lua_tostring(L,1)));
return 1;
}
whereas this one won't (Lua will throw an error):
int nocrash(lua_State *L)
{
lua_pushinteger(L,strlen(luaL_checkstring(L,1)));
return 1;
}
-spc
