Author: kevans
Date: Wed Mar  7 18:25:27 2018
New Revision: 330616
URL: https://svnweb.freebsd.org/changeset/base/330616

Log:
  lualoader: Expose loader.parse and add cli_execute_unparsed
  
  This will be used for scenarios where the command to execute is coming in
  via the environment (from, for example, loader.conf(5)) and is thus not
  necessarily trusted.
  
  cli_execute_unparsed will immediately be used for handling
  module_{before,after,error} as well as menu_timeout_command. We still want
  to offer these variables the ability to execute Lua-intercepted loader
  commands, but we don't want them to be able to execute arbitrary Lua.
  
  Reviewed by:  imp
  Differential Revision:        https://reviews.freebsd.org/D14580

Modified:
  head/stand/liblua/lutils.c
  head/stand/lua/cli.lua

Modified: head/stand/liblua/lutils.c
==============================================================================
--- head/stand/liblua/lutils.c  Wed Mar  7 18:03:22 2018        (r330615)
+++ head/stand/liblua/lutils.c  Wed Mar  7 18:25:27 2018        (r330616)
@@ -97,6 +97,24 @@ lua_interpret(lua_State *L)
 }
 
 static int
+lua_parse(lua_State *L)
+{
+       int     argc, nargc;
+       char    **argv;
+
+       if (parse(&argc, &argv, luaL_checkstring(L, 1)) == 0) {
+               for (nargc = 0; nargc < argc; ++nargc) {
+                       lua_pushstring(L, argv[nargc]);
+               }
+               free(argv);
+               return nargc;
+       }
+
+       lua_pushnil(L);
+       return 1;
+}
+
+static int
 lua_getchar(lua_State *L)
 {
 
@@ -325,6 +343,7 @@ static const struct luaL_Reg loaderlib[] = {
        REG_SIMPLE(delay),
        REG_SIMPLE(command),
        REG_SIMPLE(interpret),
+       REG_SIMPLE(parse),
        REG_SIMPLE(getenv),
        REG_SIMPLE(perform),
        /* Also registered as the global 'printc' */

Modified: head/stand/lua/cli.lua
==============================================================================
--- head/stand/lua/cli.lua      Wed Mar  7 18:03:22 2018        (r330615)
+++ head/stand/lua/cli.lua      Wed Mar  7 18:25:27 2018        (r330616)
@@ -94,6 +94,10 @@ function cli_execute(...)
 
 end
 
+function cli.execute_unparsed(str)
+       cli_execute(loader.parse(str))
+end
+
 -- Module exports
 
 function cli.boot(...)
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to