Issue967

Title CVE-2020-14939: An issue was discovered in savestruct_internal.c
Priority release-blocker Status resolved
Assigned To fluzz Keywords
Linked issues CVE-2020-14938: An issue was discovered in map.c, Lua code execution in loading untrusted save game
View: 968, 953
Watchers fluzz

Submitted on 2020-06-26 06h41 by Snark, last changed by fluzz.

Messages
Author: Snark Date: 2020-06-26   06h41
This bug was reported against the Debian package, but is an upstream issue:

Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.
Author: fluzz Date: 2020-06-29   13h42
"A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading."

That's true. But it is also true with the data files. They also contain Lua scripts... What's the real threat here?
Author: fluzz Date: 2020-06-29   13h52
relates to issue953
Author: jesusalva Date: 2020-06-29   19h50
I guess it depends on what capabilities this Lua code has. It is not harmful unless it can access system I/O or break the "sandbox".
Author: fluzz Date: 2022-12-25   16h57
Fixed in commit e106cec2c
Lua sandboxing added
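
The restriction discussed in this thread (save data that runs as Lua but cannot reach system I/O), as an added example that is not part of the issue thread and is not the code from the project's fix. It assumes Lua 5.2 or later; the `player` callback, the sample save text and `load_save` are hypothetical names.

```lua
-- Constructed sample save data; this is not FreedroidRPG's real save format.
local benign = [[
player{ name = "Tux", hp = 60 }
]]
local hostile = [[
player{ name = "Tux", hp = 60 }
os.execute("id")
]]

-- Build a fresh environment that exposes only data-constructor callbacks.
local function make_env(state)
  local env = {
    player = function(t)
      assert(type(t) == "table", "player expects a table")
      -- Copy and coerce fields instead of keeping the caller's table.
      state.player = { name = tostring(t.name), hp = tonumber(t.hp) }
    end,
  }
  -- Every other global (os, io, require, load, ...) is absent; fail loudly
  -- on lookup and refuse new globals instead of silently yielding nil.
  return setmetatable(env, {
    __index = function(_, k) error("blocked global: " .. tostring(k), 2) end,
    __newindex = function(_, k) error("blocked global write: " .. tostring(k), 2) end,
  })
end

-- Returns the recovered state table, or nil plus an error message.
local function load_save(text)
  local state = {}
  -- Mode "t" accepts source text only, so precompiled bytecode is rejected.
  -- The fourth argument becomes the chunk's _ENV in place of the real globals.
  local chunk, err = load(text, "=savegame", "t", make_env(state))
  if not chunk then return nil, err end
  local ok, runerr = pcall(chunk)
  if not ok then return nil, runerr end
  return state
end

local state = load_save(benign)
print(state.player.name, state.player.hp)
print(load_save(hostile))
```

An environment like this removes access to I/O and process functions, but it does not bound CPU time or memory: a save file can still loop forever or build huge strings through string methods.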
History
Date User Action Args
2022-12-25 16:57:23 fluzz set status: open -> resolved
messages: + msg3775
2021-11-13 22:33:14 fluzz link issue968 linked
2021-11-13 22:33:03 fluzz set linked: + CVE-2020-14938: An issue was discovered in map.c
2021-11-13 16:49:55 fluzz set linked: + Lua code execution in loading untrusted save game
2021-11-13 16:49:52 fluzz link issue953 linked
2021-11-05 13:18:59 fluzz set assignedto: fluzz
nosy: + fluzz
2021-11-05 10:53:35 fluzz set priority: important -> release-blocker
2020-06-29 19:50:58 jesusalva set messages: + msg3697
2020-06-29 13:52:30 fluzz set messages: + msg3695
2020-06-29 13:42:11 fluzz set messages: + msg3691
2020-06-26 06:41:08 Snark create