[crossfire] Hardening plugin system

Nicolas Weeger nicolas.weeger at laposte.net
Wed Jan 11 15:35:09 CST 2006


Hello.

Currently, a plugin can easily crash the server, which doesn't check
parameters (just call a function with a NULL pointer, nice crash
guaranteed). Also, server doesn't check parameters and such, which can
lead to invalid values (Str of 50 for a player...).

So should that be fixed in a way a plugin can *not* crash the server
through a callback, or send invalid parameters?
Note that preventing a plugin ever crashing the server is hard, since
the plugin itself can crash leading to server crash (and that isn't
something easy to avoid I think).

IMO "no" is an acceptable answer. We can after all "trust" a plugin to
do the right thing.

If we choose the "yes, let's harden the plugin system" option, here's my
suggestion for hardening:
* when plugin requests an object/map/archetype, server keeps the pointer
in an array and sends the index, which is used in subsequent functions
* this way, it's easy to check the pointer's validity - check index, if
in bounds ok, else issue
* when the plugin returns, server knows what objects were affected
(array can contain a "set_parameter" field, set when a setter is
called), and can send updates to player accordingly - should also
simplify plugin's code. Also can recalculate stuff when object is
removed, whatever.

Just my 2 cents :)

Nicolas
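
The handle-table idea suggested above, sketched in C as an added example (not part of the original post and not Crossfire's code). The `object` struct, the function names, the table size and the 1..30 stat range are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_HANDLES 64   /* assumed per-callback table size */
#define MAX_STAT    30   /* assumed upper bound for a stat such as Str */

typedef struct { int Str; } object;              /* stand-in for the server's object */
typedef struct { object *ptr; int set_parameter; } slot;

static slot table[MAX_HANDLES];
static int  used;

/* Server side: keep the pointer, hand the plugin an index (-1 on failure). */
int handle_new(object *op) {
    if (op == NULL || used >= MAX_HANDLES) return -1;
    table[used].ptr = op;
    table[used].set_parameter = 0;
    return used++;
}

/* A bounds check replaces trusting a raw pointer coming from the plugin. */
static slot *handle_lookup(int h) {
    return (h >= 0 && h < used) ? &table[h] : NULL;
}

/* Setter callback: rejects unknown handles and out-of-range values. */
int plugin_set_str(int h, int value) {
    slot *s = handle_lookup(h);
    if (s == NULL) return -1;                          /* invalid handle */
    if (value < 1 || value > MAX_STAT) return -2;      /* e.g. Str of 50 */
    s->ptr->Str = value;
    s->set_parameter = 1;                              /* remember it was modified */
    return 0;
}

/* When the plugin returns: count modified objects, then invalidate all handles. */
int handles_flush(void) {
    int dirty = 0;
    for (int i = 0; i < used; i++)
        if (table[i].set_parameter) dirty++;   /* server would send the update here */
    used = 0;
    return dirty;
}

int main(void) {
    object pl = { 10 };
    int h = handle_new(&pl);
    printf("%d %d %d\n", plugin_set_str(h, 18), plugin_set_str(h, 50), plugin_set_str(99, 5));
    int dirty = handles_flush();
    printf("dirty=%d stale=%d\n", dirty, plugin_set_str(h, 12));
    return 0;
}
```

Flushing the table when the plugin returns also means an index kept by the plugin across callbacks fails the bounds check instead of reaching a freed object.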


