https://www.mediawiki.org/wiki/Special:Code/MediaWiki/113891
Revision: 113891
Author: tstarling
Date: 2012-03-15 04:24:06 +0000 (Thu, 15 Mar 2012)
Log Message:
-----------
Override math.random and math.randomseed with versions that don't allow Lua to
affect the exection of PHP by setting the seed, or to obtain information about
state of PHP's PRNGs
Modified Paths:
--------------
trunk/php/luasandbox/luasandbox.c
trunk/php/luasandbox/php_luasandbox.h
Modified: trunk/php/luasandbox/luasandbox.c
===================================================================
--- trunk/php/luasandbox/luasandbox.c 2012-03-15 03:50:16 UTC (rev 113890)
+++ trunk/php/luasandbox/luasandbox.c 2012-03-15 04:24:06 UTC (rev 113891)
@@ -10,6 +10,7 @@
#include <float.h>
#include <signal.h>
#include <time.h>
+#include <stdlib.h>
#include "php.h"
#include "php_ini.h"
@@ -64,6 +65,8 @@
static int luasandbox_call_php(lua_State * L);
static int luasandbox_dump_writer(lua_State * L, const void * p, size_t sz,
void * ud);
static int luasandbox_base_tostring(lua_State * L);
+static int luasandbox_math_random(lua_State * L);
+static int luasandbox_math_randomseed(lua_State * L);
char luasandbox_timeout_message[] = "The maximum execution time for this
script was exceeded";
@@ -425,6 +428,15 @@
lua_setfield(L, -2, "dump");
lua_pop(L, 1);
+ // Install our own versions of math.random and math.randomseed
+ lua_getglobal(L, "math");
+ lua_pushcfunction(L, luasandbox_math_random);
+ lua_setfield(L, -2, "random");
+ lua_pushcfunction(L, luasandbox_math_randomseed);
+ lua_setfield(L, -2, "randomseed");
+ lua_pop(L, 1);
+
+
// Create a table for storing chunks
lua_newtable(L);
lua_setfield(L, LUA_REGISTRYINDEX, "php_luasandbox_chunks");
@@ -1736,6 +1748,54 @@
return 1;
}
/* }}} */
+
+/** {{{ luasandbox_math_random
+ *
+ * A math.random implementation that doesn't share state with PHP's rand()
+ */
+static int luasandbox_math_random(lua_State * L)
+{
+ php_luasandbox_obj * sandbox = luasandbox_get_php_obj(L);
+
+ int i = rand_r(&sandbox->random_seed);
+ if (i >= RAND_MAX) {
+ i -= RAND_MAX;
+ }
+ lua_Number r = (lua_Number)i / (lua_Number)RAND_MAX;
+ switch (lua_gettop(L)) { /* check number of arguments */
+ case 0: { /* no arguments */
+ lua_pushnumber(L, r); /* Number between 0 and 1 */
+ break;
+ }
+ case 1: { /* only upper limit */
+ int u = luaL_checkint(L, 1);
+ luaL_argcheck(L, 1<=u, 1, "interval is empty");
+ lua_pushnumber(L, floor(r*u)+1); /* int between 1 and
`u' */
+ break;
+ }
+ case 2: { /* lower and upper limits */
+ int l = luaL_checkint(L, 1);
+ int u = luaL_checkint(L, 2);
+ luaL_argcheck(L, l<=u, 2, "interval is empty");
+ lua_pushnumber(L, floor(r*(u-l+1))+l); /* int between
`l' and `u' */
+ break;
+ }
+ default: return luaL_error(L, "wrong number of arguments");
+ }
+ return 1;
+}
+/* }}} */
+
+/** {{{ luasandbox_math_randomseed
+ *
+ * Set the seed for the custom math.random.
+ */
+static int luasandbox_math_randomseed(lua_State * L)
+{
+ php_luasandbox_obj * sandbox = luasandbox_get_php_obj(L);
+ sandbox->random_seed = (unsigned int)luaL_checkint(L, 1);
+}
+/* }}} */
/*
* Local variables:
* tab-width: 4
Modified: trunk/php/luasandbox/php_luasandbox.h
===================================================================
--- trunk/php/luasandbox/php_luasandbox.h 2012-03-15 03:50:16 UTC (rev
113890)
+++ trunk/php/luasandbox/php_luasandbox.h 2012-03-15 04:24:06 UTC (rev
113891)
@@ -66,6 +66,7 @@
struct timespec cpu_normal_limit;
struct timespec cpu_emergency_limit;
int function_index;
+ unsigned int random_seed;
};
typedef struct _php_luasandbox_obj php_luasandbox_obj;
_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
