From: Vsevolod Stakhov
Date: Wed, 4 Jun 2025 11:15:41 +0000 (+0100)
Subject: [CritFix] In lua-ucl disable macros and file variables by default
X-Git-Tag: 3.12.0~9^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e1234de91e000a2e6518220d7b83d7d93ba097a;p=thirdparty%2Frspamd.git
[CritFix] In lua-ucl disable macros and file variables by default
Since we use libucl to parse untrusted data in some (actually in many) cases, we must not enable any dangerous things like macros. This fix should be treated as a critical one.
---
diff --git a/contrib/libucl/lua_ucl.c b/contrib/libucl/lua_ucl.c
index 473aefe0cf..13c5355cd3 100644
--- a/contrib/libucl/lua_ucl.c
+++ b/contrib/libucl/lua_ucl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2024 Vsevolod Stakhov
+ * Copyright 2025 Vsevolod Stakhov
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -694,7 +694,13 @@ static int lua_ucl_parser_init(lua_State *L)
 {
 struct ucl_parser *parser, **pparser;
- int flags = UCL_PARSER_NO_FILEVARS;
+ /*
+ * We disable file variables and macros by default, as
+ * the most use cases are parsing of JSON and not of the real
+ * files. Macros in the parser are very dangerous and should be used
+ * for trusted data only.
+ */
+ int flags = UCL_PARSER_NO_FILEVARS|UCL_PARSER_DISABLE_MACRO;
 if (lua_gettop(L) >= 1) {
 flags = lua_tonumber(L, 1);