diff options
| author |   Armin Kuster <akuster808@gmail.com> | 2019-05-31 18:00:01 -0700 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2019-09-02 19:54:39 -0700 |
| commit | aaa6eb0bb5da516373aa9e8c1dde8fdf85a54e95 (patch) | |
| tree | 08677c048ffdd86495f8dbdf99710624ac39f902 | |
| parent | 05360c2a74c62d39818bbbdc4fb7ec18bb6e83ff (diff) | |
| download | meta-openembedded-contrib-aaa6eb0bb5da516373aa9e8c1dde8fdf85a54e95.tar.gz | |
lua: Security fix for CVE-2019-6706
Source: lua.org
MR: 97553
Type: Security Fix
Disposition: Backport from http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
ChangeID: c939b7edcb54274ab0aeebcb7e3dc9f17cc09c2d
Description:
Affects < 5.3.5
Fixes:
CVE-2019-6706
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch | 32 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/lua/lua_5.3.4.bb | 1 |
2 files changed, 33 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch new file mode 100644 index 0000000000..cfe48af5a4 --- /dev/null +++ b/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch @@ -0,0 +1,32 @@ +CVE-2019-6706: use-after-free in lua_upvaluejoin function + +Upstream-Status: Backport +http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html +CVE: CVE-2019-6706 +Affects < 5.3.5 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: lua-5.3.4/src/lapi.c +=================================================================== +--- lua-5.3.4.orig/src/lapi.c ++++ lua-5.3.4/src/lapi.c +@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State * + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); ++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */ + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) return; /* Already joined */ ++ (*up2)->refcount++; ++ if (upisopen(*up2)) (*up2)->u.open.touched = 1; ++ luaC_upvalbarrier(L, *up2); + luaC_upvdeccount(L, *up1); + *up1 = *up2; +- (*up1)->refcount++; +- if (upisopen(*up1)) (*up1)->u.open.touched = 1; +- luaC_upvalbarrier(L, *up1); + } + + diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.4.bb b/meta-oe/recipes-devtools/lua/lua_5.3.4.bb index 8f4e8fe68c..978c2033ef 100644 --- a/meta-oe/recipes-devtools/lua/lua_5.3.4.bb +++ b/meta-oe/recipes-devtools/lua/lua_5.3.4.bb @@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/" DEPENDS = "readline" SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://lua.pc.in \ + file://CVE-2019-6706.patch \ " SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', \ 'http://www.lua.org/tests/lua-${PV}-tests.tar.gz;name=tarballtest \ |