Execution of C_CovenantSanctumUI.DepositAnima, despite supposedly C-side function is tainted by some insecure values from Bagnon addon.
Blizzard_VoidStorageUI.xml
Bagnon version: 10.1.4
(But also seen reported on Bagnon's tracker much earlier in DF)
Blizzard TOC version: 100105
I'm still working on minimal example, but right now it can be readily observed by using "Bagnon" addon that overrides PlayerInteractionFrameManager.ShowFrame in Interface\AddOns\BagBrother\core\features\autoDisplay.lua in this line:
Specifically it is this fragment inside function body that affects deposit, if you comment out it alone deposit starts to work: type == Interactions.VoidStorageBanker and Addon.Frames:Show('vault'). So it boils down to canceling loading of standard "Blizzard_VoidStorageUI" addon and building own UI, presumably writing some insecure values in place where C_CovenantSanctumUI.DepositAnima reads them for some reason.
Simply running /run C_CovenantSanctumUI.DepositAnima() after loading unmodified Bagnon causes "Bagnon has been blocked..." window.
While Bagnon likely shouldn't try to replace deeply-ingrained details of UI with insecure variants, C_CovenantSanctumUI.DepositAnima being an API function with unavailable code should not depend on anything from Lua environment or at least should not acquire execution taint from it or be able to filter it.
Execution of
C_CovenantSanctumUI.DepositAnima
, despite supposedly C-side function is tainted by some insecure values from Bagnon addon.Blizzard_VoidStorageUI.xml Bagnon version: 10.1.4 (But also seen reported on Bagnon's tracker much earlier in DF) Blizzard TOC version: 100105
I'm still working on minimal example, but right now it can be readily observed by using "Bagnon" addon that overrides
PlayerInteractionFrameManager.ShowFrame
inInterface\AddOns\BagBrother\core\features\autoDisplay.lua
in this line:(
StopIf
function installs insecure pre-hook).Specifically it is this fragment inside function body that affects deposit, if you comment out it alone deposit starts to work:
type == Interactions.VoidStorageBanker and Addon.Frames:Show('vault')
. So it boils down to canceling loading of standard "Blizzard_VoidStorageUI" addon and building own UI, presumably writing some insecure values in place whereC_CovenantSanctumUI.DepositAnima
reads them for some reason.Simply running
/run C_CovenantSanctumUI.DepositAnima()
after loading unmodified Bagnon causes "Bagnon has been blocked..." window.While Bagnon likely shouldn't try to replace deeply-ingrained details of UI with insecure variants,
C_CovenantSanctumUI.DepositAnima
being an API function with unavailable code should not depend on anything from Lua environment or at least should not acquire execution taint from it or be able to filter it.