Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 7 Mar 2018 18:25:27 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r330616 - in head/stand: liblua lua
Message-ID:  <201803071825.w27IPRov065734@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kevans
Date: Wed Mar  7 18:25:27 2018
New Revision: 330616
URL: https://svnweb.freebsd.org/changeset/base/330616

Log:
  lualoader: Expose loader.parse and add cli_execute_unparsed
  
  This will be used for scenarios where the command to execute is coming in
  via the environment (from, for example, loader.conf(5)) and is thus not
  necessarily trusted.
  
  cli_execute_unparsed will immediately be used for handling
  module_{before,after,error} as well as menu_timeout_command. We still want
  to offer these variables the ability to execute Lua-intercepted loader
  commands, but we don't want them to be able to execute arbitrary Lua.
  
  Reviewed by:	imp
  Differential Revision:	https://reviews.freebsd.org/D14580

Modified:
  head/stand/liblua/lutils.c
  head/stand/lua/cli.lua

Modified: head/stand/liblua/lutils.c
==============================================================================
--- head/stand/liblua/lutils.c	Wed Mar  7 18:03:22 2018	(r330615)
+++ head/stand/liblua/lutils.c	Wed Mar  7 18:25:27 2018	(r330616)
@@ -97,6 +97,24 @@ lua_interpret(lua_State *L)
 }
 
 static int
+lua_parse(lua_State *L)
+{
+	int	argc, nargc;
+	char	**argv;
+
+	if (parse(&argc, &argv, luaL_checkstring(L, 1)) == 0) {
+		for (nargc = 0; nargc < argc; ++nargc) {
+			lua_pushstring(L, argv[nargc]);
+		}
+		free(argv);
+		return nargc;
+	}
+
+	lua_pushnil(L);
+	return 1;
+}
+
+static int
 lua_getchar(lua_State *L)
 {
 
@@ -325,6 +343,7 @@ static const struct luaL_Reg loaderlib[] = {
 	REG_SIMPLE(delay),
 	REG_SIMPLE(command),
 	REG_SIMPLE(interpret),
+	REG_SIMPLE(parse),
 	REG_SIMPLE(getenv),
 	REG_SIMPLE(perform),
 	/* Also registered as the global 'printc' */

Modified: head/stand/lua/cli.lua
==============================================================================
--- head/stand/lua/cli.lua	Wed Mar  7 18:03:22 2018	(r330615)
+++ head/stand/lua/cli.lua	Wed Mar  7 18:25:27 2018	(r330616)
@@ -94,6 +94,10 @@ function cli_execute(...)
 
 end
 
+function cli.execute_unparsed(str)
+	cli_execute(loader.parse(str))
+end
+
 -- Module exports
 
 function cli.boot(...)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803071825.w27IPRov065734>