X-Git-Url: https://git.saurik.com/redis.git/blobdiff_plain/0cdecca1418b0329ede2c43151912d35ea790a51..7eb850ef0e437323e2d84157ddc2e6e82af57bbc:/src/scripting.c?ds=sidebyside diff --git a/src/scripting.c b/src/scripting.c index 03938edd..35b654f7 100644 --- a/src/scripting.c +++ b/src/scripting.c @@ -167,6 +167,13 @@ int luaRedisGenericCommand(lua_State *lua, int raise_error) { redisClient *c = server.lua_client; sds reply; + /* Require at least one argument */ + if (argc == 0) { + luaPushError(lua, + "Please specify at least one argument for redis.call()"); + return 1; + } + /* Build the arguments vector */ argv = zmalloc(sizeof(robj*)*argc); for (j = 0; j < argc; j++) { @@ -275,11 +282,10 @@ int luaRedisGenericCommand(lua_State *lua, int raise_error) { * reply as expected. */ if ((cmd->flags & REDIS_CMD_SORT_FOR_SCRIPT) && (reply[0] == '*' && reply[1] != '-')) { - /* Skip this step if command is SORT but output was already sorted */ - if (cmd->proc != sortCommand || server.sort_dontsort) luaSortArray(lua); } sdsfree(reply); + c->reply_bytes = 0; cleanup: /* Clean up. Command code may have changed argv/argc so we use the @@ -412,41 +418,46 @@ void luaLoadLibraries(lua_State *lua) { #endif } -void scriptingProtectGlobals(lua_State *lua) { - char *s[26]; +/* Remove a functions that we don't want to expose to the Redis scripting + * environment. */ +void luaRemoveUnsupportedFunctions(lua_State *lua) { + lua_pushnil(lua); + lua_setglobal(lua,"loadfile"); +} + +/* This function installs metamethods in the global table _G that prevent + * the creation of globals accidentally. + * + * It should be the last to be called in the scripting engine initialization + * sequence, because it may interact with creation of globals. */ +void scriptingEnableGlobalsProtection(lua_State *lua) { + char *s[32]; sds code = sdsempty(); - int j; + int j = 0; - /* strict.lua from: http://metalua.luaforge.net/src/lib/strict.lua.html */ - s[0]="local mt = getmetatable(_G)\n"; - s[1]="if mt == nil then\n"; - s[2]=" mt = {}\n"; - s[3]=" setmetatable(_G, mt)\n"; - s[4]="end\n"; - s[5]="__STRICT = true\n"; - s[6]="mt.__declared = {}\n"; - s[7]="mt.__newindex = function (t, n, v)\n"; - s[8]=" if __STRICT and not mt.__declared[n] and debug.getinfo(2) then\n"; - s[9]=" local w = debug.getinfo(2, \"S\").what\n"; - s[10]=" if w ~= \"main\" and w ~= \"C\" then\n"; - s[11]=" error(\"assign to undeclared global var '\"..n..\"'\", 2)\n"; - s[12]=" end\n"; - s[13]=" mt.__declared[n] = true\n"; - s[14]=" end\n"; - s[15]=" rawset(t, n, v)\n"; - s[16]="end\n"; - s[17]="mt.__index = function (t, n)\n"; - s[18]=" if debug.getinfo(2) and not mt.__declared[n] and debug.getinfo(2, \"S\").what ~= \"C\" then\n"; - s[19]=" error(\"global var '\"..n..\"' is not declared\", 2)\n"; - s[20]=" end\n"; - s[21]=" return rawget(t, n)\n"; - s[22]="end\n"; - s[23]="function global(...)\n"; - s[24]=" for _, v in ipairs{...} do mt.__declared[v] = true end\n"; - s[25]="end\n"; - - for (j = 0; j < 26; j++) code = sdscatlen(code,s[j],strlen(s[j])); - luaL_loadbuffer(lua,code,sdslen(code),"strict_lua"); + /* strict.lua from: http://metalua.luaforge.net/src/lib/strict.lua.html. + * Modified to be adapted to Redis. */ + s[j++]="local mt = {}\n"; + s[j++]="setmetatable(_G, mt)\n"; + s[j++]="mt.__newindex = function (t, n, v)\n"; + s[j++]=" if debug.getinfo(2) then\n"; + s[j++]=" local w = debug.getinfo(2, \"S\").what\n"; + s[j++]=" if w ~= \"main\" and w ~= \"C\" then\n"; + s[j++]=" error(\"Script attempted to create global variable '\"..tostring(n)..\"'\", 2)\n"; + s[j++]=" end\n"; + s[j++]=" end\n"; + s[j++]=" rawset(t, n, v)\n"; + s[j++]="end\n"; + s[j++]="mt.__index = function (t, n)\n"; + s[j++]=" if debug.getinfo(2) and debug.getinfo(2, \"S\").what ~= \"C\" then\n"; + s[j++]=" error(\"Script attempted to access unexisting global variable '\"..tostring(n)..\"'\", 2)\n"; + s[j++]=" end\n"; + s[j++]=" return rawget(t, n)\n"; + s[j++]="end\n"; + s[j++]=NULL; + + for (j = 0; s[j] != NULL; j++) code = sdscatlen(code,s[j],strlen(s[j])); + luaL_loadbuffer(lua,code,sdslen(code),"@enable_strict_lua"); lua_pcall(lua,0,0,0); sdsfree(code); } @@ -457,7 +468,9 @@ void scriptingProtectGlobals(lua_State *lua) { * See scriptingReset() for more information. */ void scriptingInit(void) { lua_State *lua = lua_open(); + luaLoadLibraries(lua); + luaRemoveUnsupportedFunctions(lua); /* Initialize a dictionary we use to map SHAs to scripts. * This is useful for replication, as we need to replicate EVALSHA @@ -527,7 +540,7 @@ void scriptingInit(void) { " if b == false then b = '' end\n" " return aptr,sdslen(body->ptr)); funcdef = sdscatlen(funcdef," end",4); - if (luaL_loadbuffer(lua,funcdef,sdslen(funcdef),"func definition")) { + if (luaL_loadbuffer(lua,funcdef,sdslen(funcdef),"@user_script")) { addReplyErrorFormat(c,"Error compiling script (new function): %s\n", lua_tostring(lua,-1)); lua_pop(lua,1); @@ -709,6 +722,7 @@ void evalGenericCommand(redisClient *c, int evalsha) { lua_State *lua = server.lua; char funcname[43]; long long numkeys; + int delhook = 0; /* We want the same PRNG sequence at every call so that our PRNG is * not affected by external state. */ @@ -779,19 +793,19 @@ void evalGenericCommand(redisClient *c, int evalsha) { * is running for too much time. * We set the hook only if the time limit is enabled as the hook will * make the Lua script execution slower. */ + server.lua_caller = c; + server.lua_time_start = ustime()/1000; + server.lua_kill = 0; if (server.lua_time_limit > 0 && server.masterhost == NULL) { lua_sethook(lua,luaMaskCountHook,LUA_MASKCOUNT,100000); - } else { - lua_sethook(lua,luaMaskCountHook,0,0); + delhook = 1; } /* At this point whatever this script was never seen before or if it was * already defined, we can call it. We have zero arguments and expect * a single return value. */ - server.lua_caller = c; - server.lua_time_start = ustime()/1000; - server.lua_kill = 0; if (lua_pcall(lua,0,1,0)) { + if (delhook) lua_sethook(lua,luaMaskCountHook,0,0); /* Disable hook */ if (server.lua_timedout) { server.lua_timedout = 0; /* Restore the readable handler that was unregistered when the @@ -807,6 +821,7 @@ void evalGenericCommand(redisClient *c, int evalsha) { lua_gc(lua,LUA_GCCOLLECT,0); return; } + if (delhook) lua_sethook(lua,luaMaskCountHook,0,0); /* Disable hook */ server.lua_timedout = 0; server.lua_caller = NULL; selectDb(c,server.lua_client->db->id); /* set DB ID from Lua client */