From ea02a42162f06b2bd3d929a86394a1b191d1c836 Mon Sep 17 00:00:00 2001 From: Mm2PL Date: Wed, 22 Jan 2025 02:35:52 +0100 Subject: [PATCH] Fixed a potential way to escape the Lua Plugin sandbox (#5846) --- CHANGELOG.md | 1 + src/controllers/plugins/LuaAPI.cpp | 5 +++++ src/controllers/plugins/LuaAPI.hpp | 2 ++ src/controllers/plugins/PluginController.cpp | 3 +++ 4 files changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7fcaffa4d59..644ed3fd107 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ - Minor: Treat all browsers starting with `firefox` as a Firefox browser. (#5805) - Minor: Remove incognito browser support for `opera/launcher` (this should no longer be a thing). (#5805) - Minor: Remove incognito browser support for `iexplore`, because internet explorer is EOL. (#5810) +- Bugfix: Fixed a potential way to escape the Lua Plugin sandbox. (#5846) - Bugfix: Fixed a crash relating to Lua HTTP. (#5800) - Bugfix: Fixed a crash that could occur on Linux and macOS when clicking "Install" from the update prompt. (#5818) - Bugfix: Fixed missing word wrap in update popup. (#5811) diff --git a/src/controllers/plugins/LuaAPI.cpp b/src/controllers/plugins/LuaAPI.cpp index 4f73c51ee1c..7ddc3ed2218 100644 --- a/src/controllers/plugins/LuaAPI.cpp +++ b/src/controllers/plugins/LuaAPI.cpp @@ -264,6 +264,11 @@ void g_print(ThisPluginState L, sol::variadic_args args) logHelper(L, L.plugin(), stream, args); } +void package_loadlib(sol::variadic_args args) +{ + throw std::runtime_error("package.loadlib: this function is a stub!"); +} + } // namespace chatterino::lua::api // NOLINTEND(*vararg) #endif diff --git a/src/controllers/plugins/LuaAPI.hpp b/src/controllers/plugins/LuaAPI.hpp index bd83dee5aff..e1e59a94467 100644 --- a/src/controllers/plugins/LuaAPI.hpp +++ b/src/controllers/plugins/LuaAPI.hpp @@ -128,6 +128,8 @@ void c2_later(ThisPluginState L, sol::protected_function callback, int time); // These ones are global sol::variadic_results g_load(ThisPluginState s, sol::object data); void g_print(ThisPluginState L, sol::variadic_args args); + +void package_loadlib(sol::variadic_args args); // NOLINTEND(readability-identifier-naming) // This is for require() exposed as an element of package.searchers diff --git a/src/controllers/plugins/PluginController.cpp b/src/controllers/plugins/PluginController.cpp index 1a2bc3a1042..d2231394a29 100644 --- a/src/controllers/plugins/PluginController.cpp +++ b/src/controllers/plugins/PluginController.cpp @@ -244,6 +244,9 @@ void PluginController::initSol(sol::state_view &lua, Plugin *plugin) io.set_function("write", &lua::api::io_write); io.set_function("popen", &lua::api::io_popen); io.set_function("tmpfile", &lua::api::io_tmpfile); + + sol::table package = g["package"]; + package.set_function("loadlib", &lua::api::package_loadlib); } void PluginController::load(const QFileInfo &index, const QDir &pluginDir,