Fixed a potential way to escape the Lua Plugin sandbox (Chatterino#5846)

SevenTV · Jan 22, 2025 · ea02a42 · ea02a42
1 parent a9984b6
commit ea02a42
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - Minor: Treat all browsers starting with `firefox` as a Firefox browser. (#5805)
 - Minor: Remove incognito browser support for `opera/launcher` (this should no longer be a thing). (#5805)
 - Minor: Remove incognito browser support for `iexplore`, because internet explorer is EOL. (#5810)
+- Bugfix: Fixed a potential way to escape the Lua Plugin sandbox. (#5846)
 - Bugfix: Fixed a crash relating to Lua HTTP. (#5800)
 - Bugfix: Fixed a crash that could occur on Linux and macOS when clicking "Install" from the update prompt. (#5818)
 - Bugfix: Fixed missing word wrap in update popup. (#5811)

diff --git a/src/controllers/plugins/LuaAPI.cpp b/src/controllers/plugins/LuaAPI.cpp
@@ -264,6 +264,11 @@ void g_print(ThisPluginState L, sol::variadic_args args)
     logHelper(L, L.plugin(), stream, args);
 }
 
+void package_loadlib(sol::variadic_args args)
+{
+    throw std::runtime_error("package.loadlib: this function is a stub!");
+}
+
 }  // namespace chatterino::lua::api
 // NOLINTEND(*vararg)
 #endif
diff --git a/src/controllers/plugins/LuaAPI.hpp b/src/controllers/plugins/LuaAPI.hpp
@@ -128,6 +128,8 @@ void c2_later(ThisPluginState L, sol::protected_function callback, int time);
 // These ones are global
 sol::variadic_results g_load(ThisPluginState s, sol::object data);
 void g_print(ThisPluginState L, sol::variadic_args args);
+
+void package_loadlib(sol::variadic_args args);
 // NOLINTEND(readability-identifier-naming)
 
 // This is for require() exposed as an element of package.searchers

diff --git a/src/controllers/plugins/PluginController.cpp b/src/controllers/plugins/PluginController.cpp
@@ -244,6 +244,9 @@ void PluginController::initSol(sol::state_view &lua, Plugin *plugin)
     io.set_function("write", &lua::api::io_write);
     io.set_function("popen", &lua::api::io_popen);
     io.set_function("tmpfile", &lua::api::io_tmpfile);
+
+    sol::table package = g["package"];
+    package.set_function("loadlib", &lua::api::package_loadlib);
 }
 
 void PluginController::load(const QFileInfo &index, const QDir &pluginDir,