From owner-svn-src-all@freebsd.org  Wed Mar  7 18:25:28 2018
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E2438F475D2;
 Wed,  7 Mar 2018 18:25:27 +0000 (UTC)
 (envelope-from kevans@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 900DE85FAB;
 Wed,  7 Mar 2018 18:25:27 +0000 (UTC)
 (envelope-from kevans@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8ACDA25622;
 Wed,  7 Mar 2018 18:25:27 +0000 (UTC)
 (envelope-from kevans@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w27IPR13065736;
 Wed, 7 Mar 2018 18:25:27 GMT (envelope-from kevans@FreeBSD.org)
Received: (from kevans@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w27IPRov065734;
 Wed, 7 Mar 2018 18:25:27 GMT (envelope-from kevans@FreeBSD.org)
Message-Id: <201803071825.w27IPRov065734@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: kevans set sender to
 kevans@FreeBSD.org using -f
From: Kyle Evans <kevans@FreeBSD.org>
Date: Wed, 7 Mar 2018 18:25:27 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r330616 - in head/stand: liblua lua
X-SVN-Group: head
X-SVN-Commit-Author: kevans
X-SVN-Commit-Paths: in head/stand: liblua lua
X-SVN-Commit-Revision: 330616
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Mar 2018 18:25:28 -0000

Author: kevans
Date: Wed Mar  7 18:25:27 2018
New Revision: 330616
URL: https://svnweb.freebsd.org/changeset/base/330616

Log:
  lualoader: Expose loader.parse and add cli_execute_unparsed
  
  This will be used for scenarios where the command to execute is coming in
  via the environment (from, for example, loader.conf(5)) and is thus not
  necessarily trusted.
  
  cli_execute_unparsed will immediately be used for handling
  module_{before,after,error} as well as menu_timeout_command. We still want
  to offer these variables the ability to execute Lua-intercepted loader
  commands, but we don't want them to be able to execute arbitrary Lua.
  
  Reviewed by:	imp
  Differential Revision:	https://reviews.freebsd.org/D14580

Modified:
  head/stand/liblua/lutils.c
  head/stand/lua/cli.lua

Modified: head/stand/liblua/lutils.c
==============================================================================
--- head/stand/liblua/lutils.c	Wed Mar  7 18:03:22 2018	(r330615)
+++ head/stand/liblua/lutils.c	Wed Mar  7 18:25:27 2018	(r330616)
@@ -97,6 +97,24 @@ lua_interpret(lua_State *L)
 }
 
 static int
+lua_parse(lua_State *L)
+{
+	int	argc, nargc;
+	char	**argv;
+
+	if (parse(&argc, &argv, luaL_checkstring(L, 1)) == 0) {
+		for (nargc = 0; nargc < argc; ++nargc) {
+			lua_pushstring(L, argv[nargc]);
+		}
+		free(argv);
+		return nargc;
+	}
+
+	lua_pushnil(L);
+	return 1;
+}
+
+static int
 lua_getchar(lua_State *L)
 {
 
@@ -325,6 +343,7 @@ static const struct luaL_Reg loaderlib[] = {
 	REG_SIMPLE(delay),
 	REG_SIMPLE(command),
 	REG_SIMPLE(interpret),
+	REG_SIMPLE(parse),
 	REG_SIMPLE(getenv),
 	REG_SIMPLE(perform),
 	/* Also registered as the global 'printc' */

Modified: head/stand/lua/cli.lua
==============================================================================
--- head/stand/lua/cli.lua	Wed Mar  7 18:03:22 2018	(r330615)
+++ head/stand/lua/cli.lua	Wed Mar  7 18:25:27 2018	(r330616)
@@ -94,6 +94,10 @@ function cli_execute(...)
 
 end
 
+function cli.execute_unparsed(str)
+	cli_execute(loader.parse(str))
+end
+
 -- Module exports
 
 function cli.boot(...)