Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/lua/patches/CVE-2014-5461.patch
author Rich Burridge <rich.burridge@oracle.com>
Tue, 09 Sep 2014 15:00:31 -0700
branchs11u2-sru
changeset 3303 353b45759c7e
permissions -rw-r--r--
19535331 problem in UTILITY/LUA

An overflow flaw was fixed in Lua 5.2.2:

  http://www.lua.org/bugs.html#5.2.2-1

This could cause the application to crash or, potentially, execute arbitrary
code. One way an attacker could trigger this issue is if they can control
parameters to a loadstring call (an eval in Lua,
http://en.wikipedia.org/wiki/Eval#Lua).

See also:

  https://bugzilla.redhat.com/show_bug.cgi?id=1132304

--- lua-5.1.4/src/ldo.c.orig	2014-08-31 09:15:30.815313542 -0700
+++ lua-5.1.4/src/ldo.c	2014-08-31 09:21:37.935417299 -0700
@@ -273,7 +273,7 @@
     CallInfo *ci;
     StkId st, base;
     Proto *p = cl->p;
-    luaD_checkstack(L, p->maxstacksize);
+    luaD_checkstack(L, p->maxstacksize + p->numparams);
     func = restorestack(L, funcr);
     if (!p->is_vararg) {  /* no varargs? */
       base = func + 1;
upstream/oracle/userland-gate