svn commit: r330616 - in head/stand: liblua lua

Kyle Evans kevans at FreeBSD.org
Wed Mar 7 18:25:28 UTC 2018 

Author: kevans
Date: Wed Mar  7 18:25:27 2018
New Revision: 330616
URL: https://svnweb.freebsd.org/changeset/base/330616

Log:
  lualoader: Expose loader.parse and add cli_execute_unparsed
  
  This will be used for scenarios where the command to execute is coming in
  via the environment (from, for example, loader.conf(5)) and is thus not
  necessarily trusted.
  
  cli_execute_unparsed will immediately be used for handling
  module_{before,after,error} as well as menu_timeout_command. We still want
  to offer these variables the ability to execute Lua-intercepted loader
  commands, but we don't want them to be able to execute arbitrary Lua.
  
  Reviewed by:	imp
  Differential Revision:	https://reviews.freebsd.org/D14580

Modified:
  head/stand/liblua/lutils.c
  head/stand/lua/cli.lua

Modified: head/stand/liblua/lutils.c
==============================================================================
--- head/stand/liblua/lutils.c	Wed Mar  7 18:03:22 2018	(r330615)
+++ head/stand/liblua/lutils.c	Wed Mar  7 18:25:27 2018	(r330616)
@@ -97,6 +97,24 @@ lua_interpret(lua_State *L)
 }
 
 static int
+lua_parse(lua_State *L)
+{
+	int	argc, nargc;
+	char	**argv;
+
+	if (parse(&argc, &argv, luaL_checkstring(L, 1)) == 0) {
+		for (nargc = 0; nargc < argc; ++nargc) {
+			lua_pushstring(L, argv[nargc]);
+		}
+		free(argv);
+		return nargc;
+	}
+
+	lua_pushnil(L);
+	return 1;
+}
+
+static int
 lua_getchar(lua_State *L)
 {
 
@@ -325,6 +343,7 @@ static const struct luaL_Reg loaderlib[] = {
 	REG_SIMPLE(delay),
 	REG_SIMPLE(command),
 	REG_SIMPLE(interpret),
+	REG_SIMPLE(parse),
 	REG_SIMPLE(getenv),
 	REG_SIMPLE(perform),
 	/* Also registered as the global 'printc' */

Modified: head/stand/lua/cli.lua
==============================================================================
--- head/stand/lua/cli.lua	Wed Mar  7 18:03:22 2018	(r330615)
+++ head/stand/lua/cli.lua	Wed Mar  7 18:25:27 2018	(r330616)
@@ -94,6 +94,10 @@ function cli_execute(...)
 
 end
 
+function cli.execute_unparsed(str)
+	cli_execute(loader.parse(str))
+end
+
 -- Module exports
 
 function cli.boot(...)

More information about the svn-src-head mailing list