Any val_args functions with side-effects is unsafe for use in the Lua context, and previously this stopped them from having object methods created except where explicitly whitelisted (val_payload_lv, val_hdr).
Using the new val_args_flags field, we can track which sample fetches/converters are safe, without having to explicitly whitelist in the lua codebase. Before any val_args function is used, the val_args_flags field is checked as an additional safety measure. The following fetch/converters are now available from Lua: - 51d.all (51d_all) - 51d.single (51d_all) - distcc_body - distcc_param - bool - meth - json - field - word - regsub Initial-Discovery: Yue Zhu <y...@digitalocean.com> Signed-off-by: Robin H. Johnson <robb...@gentoo.org> Signed-off-by: Robin H. Johnson <rjohn...@digitalocean.com> --- src/hlua.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/src/hlua.c b/src/hlua.c index a9d126b53..6ddfed4b3 100644 --- a/src/hlua.c +++ b/src/hlua.c @@ -3299,9 +3299,14 @@ __LJMP static int hlua_run_sample_fetch(lua_State *L) MAY_LJMP(hlua_lua2arg_check(L, 2, args, f->arg_mask, hsmp->p)); /* Run the special args checker. */ - if (f->val_args && !f->val_args(args, NULL)) { - lua_pushfstring(L, "error in arguments"); - WILL_LJMP(lua_error(L)); + if (f->val_args) { + if (unlikely(f->val_args_flags != SMP_VAL_ARGS_F_SAFE)) { + lua_pushfstring(L, "argument validation is unsafe"); + WILL_LJMP(lua_error(L)); + } else if(!f->val_args(args, NULL)) { + lua_pushfstring(L, "error in arguments"); + WILL_LJMP(lua_error(L)); + } } /* Initialise the sample. */ @@ -3405,9 +3410,14 @@ __LJMP static int hlua_run_sample_conv(lua_State *L) MAY_LJMP(hlua_lua2arg_check(L, 3, args, conv->arg_mask, hsmp->p)); /* Run the special args checker. */ - if (conv->val_args && !conv->val_args(args, conv, "", 0, NULL)) { - hlua_pusherror(L, "error in arguments"); - WILL_LJMP(lua_error(L)); + if (conv->val_args) { + if (unlikely(conv->val_args_flags != SMP_VAL_ARGS_F_SAFE)) { + lua_pushfstring(L, "argument validation is unsafe"); + WILL_LJMP(lua_error(L)); + } else if (!conv->val_args(args, conv, "", 0, NULL)) { + hlua_pusherror(L, "error in arguments"); + WILL_LJMP(lua_error(L)); + } } /* Initialise the sample. */ @@ -7668,8 +7678,7 @@ void hlua_init(void) * not safe during the runtime. */ if ((sf->val_args != NULL) && - (sf->val_args != val_payload_lv) && - (sf->val_args != val_hdr)) + (sf->val_args_flags != SMP_VAL_ARGS_F_SAFE)) continue; /* gL.Tua doesn't support '.' and '-' in the function names, replace it @@ -7714,7 +7723,8 @@ void hlua_init(void) /* Dont register the keywork if the arguments check function are * not safe during the runtime. */ - if (sc->val_args != NULL) + if ((sc->val_args != NULL) && + (sc->val_args_flags != SMP_VAL_ARGS_F_SAFE)) continue; /* gL.Tua doesn't support '.' and '-' in the function names, replace it -- 2.18.0