[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: unescape lua string (opposite of %q)
- From: Shmuel Zeigerman <shmuz@...>
- Date: Sun, 06 Jun 2010 22:37:24 +0300
Kristofer Karlsson wrote:
One suggestion for the unescape is to first use loadstring, and then use
string.dump to verify that it contains no harmful code.
Basically, you just need to check that the function consists of two
opcodes. one LOADK for the string data, and one RETURN, which should be
fairly easy to verify.
Okay, this verifies the string and detects harmful code, if any.
But the original problem ("unescape") has nothing to do with harmful
code, it's a specific solution ("loadstring solution") that can be
exploited maliciously. Thus, if we detected harmful code, we cannot run
the compiled chunk and so cannot get the "unescaped" string.
FWIW, here is what I ended up with (Lrexlib/PCRE is used):
local map = {
a='\a', b='\b', f='\f', n='\n', r='\r', t='\t',
v='\v', ['\\']='\\', ['\"']='\"', ['\'']='\''
}
function unescape (str)
str = rex.gsub (str, [[\\(\d\d?\d?)|\\(.?)]],
function (c1, c2)
if c2 then return map[c2] or c2 end
local n = tonumber (c1)
assert (n < 256, "escape sequence too large")
return string.char(n)
end)
return str
end
--
Shmuel
- References:
- unescape lua string (opposite of %q), Graham Wakefield
- Re: unescape lua string (opposite of %q), Luiz Henrique de Figueiredo
- Re: unescape lua string (opposite of %q), Jonathan Castello
- Re: unescape lua string (opposite of %q), Luiz Henrique de Figueiredo
- Re: unescape lua string (opposite of %q), Jonathan Castello
- Re: unescape lua string (opposite of %q), Ricardo Ramos Massaro
- Re: unescape lua string (opposite of %q), Jonathan Castello
- Re: unescape lua string (opposite of %q), HyperHacker
- Re: unescape lua string (opposite of %q), Shmuel Zeigerman
- Re: unescape lua string (opposite of %q), Erik Lindroos
- Re: unescape lua string (opposite of %q), Shmuel Zeigerman
- Re: unescape lua string (opposite of %q), Kristofer Karlsson