[CritFix] In lua-ucl disable macros and file variables by default

Since we use libucl to parse untrusted data in some (actually in many) cases,
we must not enable any dangerous things like macros.

This fix should be treated as a critical one.

diff --git a/contrib/libucl/lua_ucl.c b/contrib/libucl/lua_ucl.c
index 473aefe0cf68b1009964ca78bbe058aa1b8be967..13c5355cd36f1f1afcac52c18729ce7c1eb42842 100644 (file)
--- a/contrib/libucl/lua_ucl.c
+++ b/contrib/libucl/lua_ucl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2024 Vsevolod Stakhov
+ * Copyright 2025 Vsevolod Stakhov
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -694,7 +694,13 @@ static int
 lua_ucl_parser_init(lua_State *L)
 {
        struct ucl_parser *parser, **pparser;
-       int flags = UCL_PARSER_NO_FILEVARS;
+       /*
+        * We disable file variables and macros by default, as
+        * the most use cases are parsing of JSON and not of the real
+        * files. Macros in the parser are very dangerous and should be used
+        * for trusted data only.
+        */
+       int flags = UCL_PARSER_NO_FILEVARS|UCL_PARSER_DISABLE_MACRO;
 
        if (lua_gettop(L) >= 1) {
                flags = lua_tonumber(L, 1);