components/lua/patches/CVE-2014-5461.patch
author Rich Burridge <rich.burridge@oracle.com>
Tue, 09 Sep 2014 15:00:31 -0700
branch s11u2-sru
changeset 3303 353b45759c7e
permissions -rw-r--r--
19535331 problem in UTILITY/LUA
An overflow flaw was fixed in Lua 5.2.2:
  http://www.lua.org/bugs.html#5.2.2-1
This could cause the application to crash or, potentially, execute arbitrary
code. One way an attacker could trigger this issue is if they can control
parameters to a loadstring call (an eval in Lua,
http://en.wikipedia.org/wiki/Eval#Lua).
See also:
  https://bugzilla.redhat.com/show_bug.cgi?id=1132304
--- lua-5.1.4/src/ldo.c.orig	2014-08-31 09:15:30.815313542 -0700
+++ lua-5.1.4/src/ldo.c	2014-08-31 09:21:37.935417299 -0700
@@ -273,7 +273,7 @@
     CallInfo *ci;
     StkId st, base;
     Proto *p = cl->p;
-    luaD_checkstack(L, p->maxstacksize);
+    luaD_checkstack(L, p->maxstacksize + p->numparams);
     func = restorestack(L, funcr);
     if (!p->is_vararg) {  /* no varargs? */
       base = func + 1;
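Review bot: the new `luaD_checkstack(L, p->maxstacksize + p->numparams);` line has no comment explaining why `numparams` is added on top of `maxstacksize`, and it sits before the `if (!p->is_vararg)` test, so the extra slots are reserved on every Lua function call rather than only on the vararg path. Please add a short comment on that line saying what the additional `numparams` slots are for and that the unconditional reservation is intentional, so a later cleanup does not shrink the check back. The patch header cites the Lua 5.2.2 bug entry while the file being changed is lua-5.1.4/src/ldo.c; it should state that this is a backport to 5.1.4 and name the CVE that appears only in the patch filename. A regression test that exercises this call path would also be worth adding alongside the patch.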