diff options
author | Steve Sakoman <steve@sakoman.com> | 2022-04-18 09:04:08 -1000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-19 14:02:08 +0100 |
commit | d2ba3b8850d461bc7b773240cdf15b22b31a3f9e (patch) | |
tree | 54b5a5be25016eac9eebe7cfaeebad363da53afe /meta/recipes-devtools | |
parent | 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4 (diff) | |
download | openembedded-core-contrib-d2ba3b8850d461bc7b773240cdf15b22b31a3f9e.tar.gz |
lua: fix CVE-2022-28805
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.
https://nvd.nist.gov/vuln/detail/CVE-2022-28805
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/lua/lua/CVE-2022-28805.patch | 26 | ||||
-rw-r--r-- | meta/recipes-devtools/lua/lua_5.4.4.bb | 1 |
2 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch b/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch new file mode 100644 index 0000000000..3680c715a7 --- /dev/null +++ b/meta/recipes-devtools/lua/lua/CVE-2022-28805.patch @@ -0,0 +1,26 @@ +From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> +Date: Tue, 15 Feb 2022 12:28:46 -0300 +Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const> + +CVE: CVE-2022-28805 + +Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa] + +Signed-off-by: Steve Sakoman <steve@sakoman.com> +--- + src/lparser.c | 1 + + 1 files changed, 1 insertions(+) + +diff --git a/src/lparser.c b/src/lparser.c +index 3abe3d751..a5cd55257 100644 +--- a/src/lparser.c ++++ b/src/lparser.c +@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) { + expdesc key; + singlevaraux(fs, ls->envn, var, 1); /* get environment variable */ + lua_assert(var->k != VVOID); /* this one must exist */ ++ luaK_exp2anyregup(fs, var); /* but could be a constant */ + codestring(&key, varname); /* key is variable name */ + luaK_indexed(fs, var, &key); /* env[varname] */ + } diff --git a/meta/recipes-devtools/lua/lua_5.4.4.bb b/meta/recipes-devtools/lua/lua_5.4.4.bb index f50328ecfd..d704841378 100644 --- a/meta/recipes-devtools/lua/lua_5.4.4.bb +++ b/meta/recipes-devtools/lua/lua_5.4.4.bb @@ -6,6 +6,7 @@ HOMEPAGE = "http://www.lua.org/" SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://lua.pc.in \ + file://CVE-2022-28805.patch \ ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest file://run-ptest ', '', d)} \ " |