zdoom/raze-gles
0
0
Fork 0
mirror of https://github.com/ZDoom/raze-gles.git synced 2024-12-26 03:30:46 +00:00
Code Issues Projects Releases Packages Wiki Activity

Lunatic: protect user modules from tampering, too.

Browse source 
git-svn-id: https://svn.eduke32.com/eduke32@2840 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
helixhorned 2012-07-20 21:57:37 +00:00
parent ee9991adbd
commit 3c5e36feb4
2 changed files with 29 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
polymer/eduke32/source/lunatic/defs.ilua
View file

@ -528,6 +528,7 @@ for modname, themodule in pairs(allowed_modules) do
__metatable = true, __metatable = true,
} }
-- Comment out to make base modules not protected:
allowed_modules[modname] = setmetatable({}, mt) allowed_modules[modname] = setmetatable({}, mt)
end end
@ -611,10 +612,27 @@ local function our_require(modname)
if (type(modtab) ~= "table") then if (type(modtab) ~= "table") then
errorf(ERRLEV-1, "Didn't load module \"%s\": expected table as return value", modname) errorf(ERRLEV-1, "Didn't load module \"%s\": expected table as return value", modname)
end end
package_loaded[modname] = modtab package_loaded[modname] = modtab
else
modtab = package_loaded[modname]
if (type(modtab) ~= "table") then
errorf(ERRLEV-1, "Didn't load module \"%s\": expected module() to be called", modname)
end
end end
return package_loaded[modname] -- Protect module table...
local mt = {
__index = modtab,
__newindex = function(tab,idx,val)
error("modifying module table forbidden", 2)
end,
}
-- ..here:
setmetatable(modtab, mt)
return modtab
end end

10
polymer/eduke32/source/lunatic/test.elua
View file

@ -96,6 +96,8 @@ if (vol==1 and lev==8) then
end end
end end
local unsafe = pcall(function() string.UNSAFE=true; end)
--]] --]]
--tostring = nil -- REMEMBER --tostring = nil -- REMEMBER
--DBG_.printkv('_G in test.elua', _G) --DBG_.printkv('_G in test.elua', _G)
@ -151,8 +153,12 @@ checkfail('gv.CEILING = 3', "cannot create new or write into existing fields of
checkfail('local s=require[[string]]; local tmp=s.dump(gameevent)', checkfail('local s=require[[string]]; local tmp=s.dump(gameevent)',
"attempt to call field 'dump' (a nil value)") "attempt to call field 'dump' (a nil value)")
-- disallow changing base module tables if (not unsafe) then
-- changing base module tables is disallowed
checkfail('local s=require[[string]]; s.format=nil', "modifying base module table forbidden") checkfail('local s=require[[string]]; s.format=nil', "modifying base module table forbidden")
else
print('WARNING: RUNNING WITH UNPROTECTED BASE MODULES')
end
print('') print('')
-- This is problematic, even though pretty much every access will yield a -- This is problematic, even though pretty much every access will yield a
@ -173,6 +179,8 @@ checkfail('local spr = sprite[0]; local x=spr+1',
checkfail('gameactor(1680, 0)', "bad argument #3 to 'gameactor' (function expected, got number)") checkfail('gameactor(1680, 0)', "bad argument #3 to 'gameactor' (function expected, got number)")
checkfail("do local bt=require'bittest'; bt.QWE=1; end", "modifying module table forbidden")
printf('ceilingbunch of sector 0: %d', getbunch(0, gv.CEILING)) printf('ceilingbunch of sector 0: %d', getbunch(0, gv.CEILING))