blob: 3680c715a702208486f155434cf51be9e3e10fc2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Tue, 15 Feb 2022 12:28:46 -0300
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
CVE: CVE-2022-28805
Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa]
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
src/lparser.c | 1 +
1 files changed, 1 insertions(+)
diff --git a/src/lparser.c b/src/lparser.c
index 3abe3d751..a5cd55257 100644
--- a/src/lparser.c
+++ b/src/lparser.c
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
expdesc key;
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
lua_assert(var->k != VVOID); /* this one must exist */
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
codestring(&key, varname); /* key is variable name */
luaK_indexed(fs, var, &key); /* env[varname] */
}
|
