Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/lua/patches/CVE-2014-5461.patch
changeset 2064 a946477e6a46 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lua/patches/CVE-2014-5461.patch	Tue Sep 02 07:50:56 2014 -0700
@@ -0,0 +1,24 @@
+An overflow flaw was fixed in Lua 5.2.2:
+
+  http://www.lua.org/bugs.html#5.2.2-1
+
+This could cause the application to crash or, potentially, execute arbitrary
+code. One way an attacker could trigger this issue is if they can control
+parameters to a loadstring call (an eval in Lua,
+http://en.wikipedia.org/wiki/Eval#Lua).
+
+See also:
+
+  https://bugzilla.redhat.com/show_bug.cgi?id=1132304
+
+--- src/ldo.c.orig	2014-08-31 09:13:13.318213607 -0700
++++ src/ldo.c	2014-08-31 09:23:49.433127527 -0700
+@@ -323,7 +323,7 @@
+     case LUA_TLCL: {  /* Lua function: prepare its call */
+       StkId base;
+       Proto *p = clLvalue(func)->p;
+-      luaD_checkstack(L, p->maxstacksize);
++      luaD_checkstack(L, p->maxstacksize + p->numparams);
+       func = restorestack(L, funcr);
+       n = cast_int(L->top - func) - 1;  /* number of real arguments */
+       for (; n < p->numparams; n++)
upstream/oracle/userland-gate