debug.getregistry() now only retrieves whitelisted members

darkdreamingdan · darkdreamingdan · commit 8455dde4b8a9 · 2016-08-11T15:37:08.000+01:00
By default, the Lua registry is now inaccessible to .lua scripts.  To
expose a registry entry to .lua, you must modify
CLuaUtilDefs::Debug_getregistry - ut and mt are already enabled.
diff --git a/Server/mods/deathmatch/logic/lua/CLuaMain.cpp b/Server/mods/deathmatch/logic/lua/CLuaMain.cpp
@@ -129,6 +129,13 @@ void CLuaMain::InitSecurity ( void )
     lua_register ( m_luaVM, "loadfile", CLuaUtilDefs::DisabledFunction );
     lua_register ( m_luaVM, "getfenv", CLuaUtilDefs::DisabledFunction );
     lua_register ( m_luaVM, "newproxy", CLuaUtilDefs::DisabledFunction );
+
+    // Wrap debug.getregistry to make it safe.
+    lua_getglobal(m_luaVM, "debug");                                // stack: [tbl_debug]
+    lua_pushstring(m_luaVM, "getregistry");                         // stack: [tbl_debug,"getregistry"]
+    lua_pushcfunction(m_luaVM, CLuaUtilDefs::Debug_getregistry);    // stack: [tbl_debug,"getregistry",CLuaUtilDefs::Debug_getregistry]
+    lua_rawset(m_luaVM, -3);                                        // stack: [tbl_debug]
+    lua_pop(m_luaVM, -1);                                           // stack: []
 }
 
 
diff --git a/Shared/mods/deathmatch/logic/luadefs/CLuaUtilDefs.cpp b/Shared/mods/deathmatch/logic/luadefs/CLuaUtilDefs.cpp
@@ -48,6 +48,23 @@ int CLuaUtilDefs::DisabledFunction ( lua_State* luaVM )
     return 1;
 }
 
+
+// Get a copy of the registry with whitelisted values
+int CLuaUtilDefs::Debug_getregistry(lua_State* luaVM)
+{
+    // Create a new registry library, with only whitelisted sections
+    lua_newtable(luaVM);                                      // stack: [tbl_new]
+    std::vector<const char*> szWhitelist = { "ud", "mt" };
+    for (auto it = szWhitelist.begin(); it != szWhitelist.end(); it++)
+    {
+        lua_pushstring(luaVM, *it);                           // stack: [tbl_new,"ud"]
+        lua_pushstring(luaVM, *it);                           // stack: [tbl_new,"ud","ud"]
+        lua_gettable(luaVM, LUA_REGISTRYINDEX);               // stack: [tbl_new,"ud",REGISTRY.ud]
+        lua_settable(luaVM, -3);                              // stack: [tbl_new]
+    }
+    return 1;
+}
+
 int CLuaUtilDefs::Dereference ( lua_State* luaVM )
 {
     int iPointer = 0;
diff --git a/Shared/mods/deathmatch/logic/luadefs/CLuaUtilDefs.h b/Shared/mods/deathmatch/logic/luadefs/CLuaUtilDefs.h
@@ -18,6 +18,7 @@ class CLuaUtilDefs : public CLuaDefs
 
     // Reserved functions
     LUA_DECLARE ( DisabledFunction );
+    LUA_DECLARE ( Debug_getregistry );
 
     // Util functions to make scripting easier for the end user
     // Some of these are based on standard mIRC script funcs as a lot of people will be used to them
