mirror of
https://github.com/luanti-org/luanti.git
synced 2025-08-11 17:51:04 +00:00
Refactor how script api reads current mod name
This is to prevent future mistakes and make it clearer whether the mod name can be trusted depending on how it is retrieved.
This commit is contained in:
sfan5
parent
cb5fa56e17
commit
ce97210eb1
8 changed files with 88 additions and 78 deletions
|
|
@ -179,6 +179,7 @@ int ScriptApiBase::luaPanic(lua_State *L)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#ifndef SERVER
|
||||
void ScriptApiBase::clientOpenLibs(lua_State *L)
|
||||
{
|
||||
static const std::vector<std::pair<std::string, lua_CFunction>> m_libs = {
|
||||
|
|
@ -199,6 +200,7 @@ void ScriptApiBase::clientOpenLibs(lua_State *L)
|
|||
lua_call(L, 1, 0);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
void ScriptApiBase::checkSetByBuiltin()
|
||||
{
|
||||
|
|
@ -223,6 +225,45 @@ void ScriptApiBase::checkSetByBuiltin()
|
|||
}
|
||||
}
|
||||
|
||||
std::string ScriptApiBase::getCurrentModNameInsecure(lua_State *L)
|
||||
{
|
||||
lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_CURRENT_MOD_NAME);
|
||||
auto ret = lua_isstring(L, -1) ? readParam<std::string>(L, -1) : "";
|
||||
lua_pop(L, 1);
|
||||
return ret;
|
||||
}
|
||||
|
||||
std::string ScriptApiBase::getCurrentModName(lua_State *L)
|
||||
{
|
||||
auto script = ModApiBase::getScriptApiBase(L);
|
||||
if (script->getType() == ScriptingType::Async ||
|
||||
script->getType() == ScriptingType::Emerge)
|
||||
{
|
||||
// As a precaution never return a "secure" mod name in the async and
|
||||
// emerge environment, because these currently do not track mod origins
|
||||
// in a spoof-safe way (see l_register_async_dofile and l_register_mapgen_script).
|
||||
return "";
|
||||
}
|
||||
|
||||
// We have to make sure that this function is being called directly by
|
||||
// a mod, otherwise a malicious mod could override a function and
|
||||
// steal its return value. (e.g. request_insecure_environment)
|
||||
lua_Debug info;
|
||||
|
||||
// Make sure there's only one item below this function on the stack...
|
||||
if (lua_getstack(L, 2, &info))
|
||||
return "";
|
||||
FATAL_ERROR_IF(!lua_getstack(L, 1, &info), "lua_getstack() failed");
|
||||
FATAL_ERROR_IF(!lua_getinfo(L, "S", &info), "lua_getinfo() failed");
|
||||
|
||||
// ...and that that item is the main file scope.
|
||||
if (strcmp(info.what, "main") != 0)
|
||||
return "";
|
||||
|
||||
// at this point we can trust this value:
|
||||
return getCurrentModNameInsecure(L);
|
||||
}
|
||||
|
||||
void ScriptApiBase::loadMod(const std::string &script_path,
|
||||
const std::string &mod_name)
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue