engine: fixed sandbox for Lua 5.2+

170569f6 · Marek Vavruša · a83099ac · 170569f6 · 170569f6
Commit 170569f6 authored Apr 12, 2015 by Marek Vavruša
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 17 deletions

daemon/engine.c daemon/engine.c +4 -2

daemon/lua/sandbox.lua daemon/lua/sandbox.lua +25 -15

No files found.
--- a/daemon/engine.c
+++ b/daemon/engine.c
@@ -171,7 +171,7 @@ static int l_sandboxcall(lua_State *L, int argc)
 {
 #if LUA_VERSION_NUM >= 502
 	lua_getglobal(L, "_SANDBOX");
-	lua_setupvalue(L, -2, 1);
+	lua_setupvalue(L, -(2 + argc), 1);
 #endif
 	return lua_pcall(L, argc, LUA_MULTRET, 0);
 }
@@ -188,6 +188,8 @@ int engine_cmd(struct engine *engine, const char *str)

 	/* Check result. */
 	if (l_sandboxcall(engine->L, 1) != 0) {
+		fprintf(stderr, "%s\n", lua_tostring(engine->L, -1));
+		lua_pop(engine->L, 1);
 		return kr_error(EINVAL);
 	}

@@ -227,7 +229,7 @@ static int engine_loadconf(struct engine *engine)

 	/* Evaluate */
 	if (ret != 0) {
-		fprintf(stderr, "[system] error %s\n", lua_tostring(engine->L, -1));
+		fprintf(stderr, "%s\n", lua_tostring(engine->L, -1));
 		lua_pop(engine->L, 1);
 		return kr_error(EINVAL);
 	}

--- a/daemon/lua/sandbox.lua
+++ b/daemon/lua/sandbox.lua
@@ -13,7 +13,7 @@ setmetatable(modules, {
 })

 -- Make sandboxed environment
-function make_sandbox(defined)
+local function make_sandbox(defined)
 	local __protected = { modules = true, cache = true, net = true }
 	return setmetatable({}, {
 		__index = defined,
@@ -29,6 +29,7 @@ function make_sandbox(defined)
 	})
 end

+-- Compatibility sandbox
 if setfenv then -- Lua 5.1 and less
 	_G = make_sandbox(getfenv(0))
 	setfenv(0, _G)
@@ -36,6 +37,29 @@ else -- Lua 5.2+
 	_SANDBOX = make_sandbox(_ENV)
 end

+-- Interactive command evaluation
+function eval_cmd(line)
+	-- Compatibility sandbox code loading
+	local function load_code(code)
+	    if getfenv then -- Lua 5.1
+	        return loadstring(code)
+	    else            -- Lua 5.2+
+	        return load(code, nil, 't', _ENV)
+	    end
+	end
+	local status, err, chunk
+	chunk, err = load_code('table_print('..line..')')
+	if err then
+		chunk, err = load_code(line)
+	end
+	if not err then
+		chunk()
+	end
+	if err then
+		print(err)
+	end
+end
+
 -- Pretty printing
 function table_print (tt, indent, done)
 	done = done or {}
@@ -57,18 +81,4 @@ function table_print (tt, indent, done)
 	else
 		io.write(tostring(tt) .. "\n")
 	end
-end
-
-- Interactive command evaluation
-function eval_cmd(line)
-	local chunk, err = loadstring('table_print('..line..')')
-	if err then
-		chunk, err = loadstring(line)
-	end
-	if not err then
-		status, err = pcall(chunk)
-	end
-	if err then
-		print(err)
-	end
 end
\ No newline at end of file