upstream/oracle/userland-gate: changeset 3299:d85f3b182224

summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lua/patches/CVE-2014-5461.patch	Tue Sep 09 06:23:38 2014 -0700
@@ -0,0 +1,24 @@
+An overflow flaw was fixed in Lua 5.2.2:
+
+  http://www.lua.org/bugs.html#5.2.2-1
+
+This could cause the application to crash or, potentially, execute arbitrary
+code. One way an attacker could trigger this issue is if they can control
+parameters to a loadstring call (an eval in Lua,
+http://en.wikipedia.org/wiki/Eval#Lua).
+
+See also:
+
+  https://bugzilla.redhat.com/show_bug.cgi?id=1132304
+
+--- lua-5.1.4/src/ldo.c.orig	2014-08-31 09:15:30.815313542 -0700
++++ lua-5.1.4/src/ldo.c	2014-08-31 09:21:37.935417299 -0700
+@@ -273,7 +273,7 @@
+     CallInfo *ci;
+     StkId st, base;
+     Proto *p = cl->p;
+-    luaD_checkstack(L, p->maxstacksize);
++    luaD_checkstack(L, p->maxstacksize + p->numparams);
+     func = restorestack(L, funcr);
+     if (!p->is_vararg) {  /* no varargs? */
+       base = func + 1;

author	Rich Burridge <rich.burridge@oracle.com>
	Tue, 09 Sep 2014 06:23:38 -0700
branch	s11-update
changeset 3299	d85f3b182224
parent 3298	824a933aa683
child 3306	eab2ad081951