diff options
| author | meir <meir@redis.com> | 2022-02-15 20:18:49 +0200 |
|---|---|---|
| committer | meir <meir@redis.com> | 2022-04-27 00:37:40 +0300 |
| commit | efa162bcd7ab1477c07d8ee85537e27c0cb1524b (patch) | |
| tree | 900e0b068a2f9c4dd351206caf2a368b12bb94bb /src/function_lua.c | |
| parent | 3731580b6b80c586322cadc6bc4be2b8b2bbb206 (diff) | |
| download | redis-efa162bcd7ab1477c07d8ee85537e27c0cb1524b.tar.gz | |
Protect any table which is reachable from globals and added globals white list.
The white list is done by setting a metatable on the global table before initializing
any library. The metatable set the `__newindex` field to a function that check
the white list before adding the field to the table. Fields which is not on the
white list are simply ignored.
After initialization phase is done we protect the global table and each table
that might be reachable from the global table. For each table we also protect
the table metatable if exists.
Diffstat (limited to 'src/function_lua.c')
| -rw-r--r-- | src/function_lua.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/function_lua.c b/src/function_lua.c index f8ca51f05..2e0250ea2 100644 --- a/src/function_lua.c +++ b/src/function_lua.c @@ -436,16 +436,17 @@ int luaEngineInitEngine() { luaRegisterLogFunction(lua_engine_ctx->lua); luaRegisterVersion(lua_engine_ctx->lua); - luaSetGlobalProtection(lua_engine_ctx->lua); /* protect redis */ - + luaSetErrorMetatable(lua_engine_ctx->lua); lua_setfield(lua_engine_ctx->lua, -2, REDIS_API_NAME); - luaSetGlobalProtection(lua_engine_ctx->lua); /* protect load library globals */ + luaSetErrorMetatable(lua_engine_ctx->lua); + luaSetTableProtectionRecursively(lua_engine_ctx->lua); /* protect load library globals */ lua_setfield(lua_engine_ctx->lua, LUA_REGISTRYINDEX, LIBRARY_API_NAME); /* Save error handler to registry */ lua_pushstring(lua_engine_ctx->lua, REGISTRY_ERROR_HANDLER_NAME); char *errh_func = "local dbg = debug\n" + "debug = nil\n" "local error_handler = function (err)\n" " local i = dbg.getinfo(2,'nSl')\n" " if i and i.what == 'C' then\n" @@ -466,7 +467,8 @@ int luaEngineInitEngine() { lua_settable(lua_engine_ctx->lua, LUA_REGISTRYINDEX); lua_pushvalue(lua_engine_ctx->lua, LUA_GLOBALSINDEX); - luaSetGlobalProtection(lua_engine_ctx->lua); + luaSetErrorMetatable(lua_engine_ctx->lua); + luaSetTableProtectionRecursively(lua_engine_ctx->lua); /* protect globals */ lua_pop(lua_engine_ctx->lua, 1); /* Save default globals to registry */ |