
Denial of Service using xpcall()

High
asiekierka published GHSA-54j4-xpgj-cq4g Apr 16, 2024

Package

OpenComputers (Minecraft Mod)

Affected versions

<= 1.8.3

Patched versions

1.8.4

Description

Summary

A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device in the mod and can be performed by anyone who can execute Lua code on them.

This occurs while using the native Lua library. LuaJ does not appear to have this issue with the test function below; there the offending program instead exits silently and does not exhibit the same effect.

Details

By making endlessly recursive calls to xpcall, the built-in timeout mechanism provided by machine.lua fails to escape the offending Lua function under certain conditions. The xpcall function within the sandbox provided by machine.lua does not sufficiently protect against the message handler function causing additional timeout errors. Even errors caused by infinite recursion such as stack overflows and out of memory errors are still caught by nested xpcalls.

As the Lua VM never yields, the Computer thread running the offending program never releases a lock on the running Machine object. When the Server thread attempts to save the state of the computer, it blocks on acquiring the lock currently held by the Computer thread. The Server thread never acquires the lock and blocks indefinitely, preventing the server from continuing to function and causing data loss up to the most recent server save.

The save path in the mod's Machine class takes that same lock (OpenComputers source, Scala):

```scala
override def save(nbt: NBTTagCompound): Unit = Machine.this.synchronized(state.synchronized {
```

The state of the machine is never saved, so it will not be running when the server restarts, and a server can recover simply by being restarted. It is still possible for other machines to restart the offending machine and trigger the effect again on server load.
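The mechanism above, and the property a sandbox's protected-call wrapper has to guarantee, can be modelled outside Lua. The following is an added illustration, not code from OpenComputers or its 1.8.4 patch: a toy Python host whose watchdog keeps raising a timeout at every hook point once the guest's budget is spent, a weak xpcall-style wrapper that passes that timeout to a guest-supplied message handler, and a hardened wrapper that re-raises the timeout at every sandbox layer. The guest program is shaped like the advisory's description (unbounded recursion through xpcall with a handler that re-enters xpcall). All names (`Host`, `MachineTimeout`, `naive_xpcall`, `hardened_xpcall`, the step budget and cap) are hypothetical stand-ins for machine.lua's timeout hook and sandboxed xpcall.

```python
# Added illustration (not code from the OpenComputers project): a toy host
# that models, in Python, why a sandbox's xpcall wrapper must never hand a
# host timeout to a guest-supplied message handler. Every name below is
# hypothetical and stands in for machine.lua's timeout hook and sandboxed
# xpcall; the real 1.8.4 change is not reproduced here.


class MachineTimeout(Exception):
    """Raised by the host when the guest has run too long without yielding."""


class GaveUp(BaseException):
    """Simulation-only escape hatch: a real host would block indefinitely."""


class Host:
    """Counts guest work and, once the budget is spent, raises a timeout at
    every subsequent hook point, the way a debug-hook based watchdog keeps
    firing until the guest is actually unwound."""

    def __init__(self, step_budget, timeout_cap):
        self.steps = 0
        self.step_budget = step_budget
        self.timeouts_raised = 0
        self.timeout_cap = timeout_cap

    def tick(self):
        self.steps += 1
        if self.steps > self.step_budget:
            self.timeouts_raised += 1
            if self.timeouts_raised > self.timeout_cap:
                raise GaveUp()  # constructed cap so the demo terminates
            raise MachineTimeout()


def naive_xpcall(f, handler, *args):
    """Weak wrapper: every error, the host timeout included, is passed to the
    guest's handler, so guest code decides whether the timeout takes effect."""
    try:
        return True, f(*args)
    except Exception as exc:
        return False, handler(exc)


def hardened_xpcall(f, handler, *args):
    """Hardened wrapper: ordinary guest errors still reach the handler, but a
    host timeout is re-raised untouched at every sandbox layer, so no amount
    of nesting can keep the guest running past its budget."""
    try:
        return True, f(*args)
    except MachineTimeout:
        raise
    except Exception as exc:
        return False, handler(exc)


def make_guest(host, xpcall):
    """Guest program shaped like the advisory's description: unbounded
    recursion through xpcall, with a handler that itself re-enters xpcall."""

    def handler(err):
        return xpcall(body, handler)

    def body():
        host.tick()
        return xpcall(body, handler)

    return body


def run_guest(xpcall, step_budget=20, timeout_cap=100):
    """Run the guest under one wrapper. Returns (outcome, timeouts_raised):
    'escaped' means the timeout reached the host, 'stuck' means the guest
    kept swallowing timeouts until the simulation cap was hit."""
    host = Host(step_budget, timeout_cap)
    body = make_guest(host, xpcall)
    try:
        body()
    except MachineTimeout:
        return "escaped", host.timeouts_raised
    except GaveUp:
        return "stuck", host.timeouts_raised
    return "finished", host.timeouts_raised


def ordinary_error_demo(xpcall):
    """Shows the hardened wrapper still behaves like xpcall for guest errors."""

    def boom():
        raise ValueError("guest error")

    return xpcall(boom, lambda err: "handled: %s" % err)


if __name__ == "__main__":
    print("naive wrapper:   ", run_guest(naive_xpcall))      # ('stuck', 101)
    print("hardened wrapper:", run_guest(hardened_xpcall))   # ('escaped', 1)
    print("guest error:     ", ordinary_error_demo(hardened_xpcall))
```

The design point is that the watchdog's signal is a distinct type that the sandbox's own protected-call primitives propagate without ever giving guest code (including a message handler, which in Lua runs before the stack unwinds) a chance to intercept it. With the weak wrapper the guest swallows one timeout after another and the host only returns because of the constructed cap; in the real mod that is the Computer thread that never yields and never releases the Machine lock.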

Impact

Causes a Denial of Service against servers running OpenComputers using the native Lua library.

Patches

  • OpenComputers mod releases starting from version 1.8.4 are not vulnerable.
  • The GregTech: New Horizons modpack uses its own modified version of OpenComputers. They have applied the relevant patch in version 1.10.10-GTNH.

Severity

High


CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVE ID

CVE-2024-31446
