lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Mon, Feb 5, 2001, Luiz Henrique de Figueiredo <lhf@tecgraf.puc-rio.br>
wrote:

>[...] If dostring accepted precompiled code, it might be possible to crash 
>the host by feeding dostring with malicious code [...]
>
>Anyway, it's simple to change dostring to allow precompiled code: Just remove
>the two lines marked below from lbaselib.c:
>
> static int luaB_dostring (lua_State *L) {
>   int oldtop = lua_gettop(L);
>   size_t l;
>   const char *s = luaL_check_lstr(L, 1, &l);
>|  if (*s == '\27')  /* binary files start with ESC... */
>|    lua_error(L, "`dostring' cannot run pre-compiled code");
>   return passresults(L, lua_dobuffer(L, s, l, luaL_opt_string(L, 2, s)),
>oldtop)
> ;
>}

Suggestion: please move those two lines to lua_dostring in lapi.c, since
that call cannot handle precompiled code with embedded null bytes.

In terms of what to do in C and what to do in Lua, my mantra is:
    Make POLICY decisons scripted, write just INTERFACES in C

The reason is that this way one can provide maximum functionality, yet
use the scripting layer to alter/restrict the API when needed.  An
(untested) example:

  function dostring(s,...)
    if strbyte(s)==27 then
      error("`dostring' cannot run pre-compiled code")
    end
    return %dostring(s,arg[1])
  end

-jcw