fix CVE-2020-24370
This commit is contained in:
zhuofeng
parent
2d84f2b2cd
commit
ec1cc520fb
37
CVE-2020-24370.patch
Normal file
37
CVE-2020-24370.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From a585eae6e7ada1ca9271607a4f48dfb17868ab7b Mon Sep 17 00:00:00 2001
|
||||
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
|
||||
Date: Mon, 27 Jul 2020 12:01:38 -0300
|
||||
Subject: [PATCH] Fixed bug: Negation overflow in getlocal/setlocal
|
||||
|
||||
---
|
||||
src/ldebug.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/ldebug.c b/src/ldebug.c
|
||||
index e1389296e..bb0e1d4ac 100644
|
||||
--- a/src/ldebug.c
|
||||
+++ b/src/ldebug.c
|
||||
@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p, int uv) {
|
||||
|
||||
static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
|
||||
int nparams = clLvalue(ci->func)->p->numparams;
|
||||
- if (n >= cast_int(ci->u.l.base - ci->func) - nparams)
|
||||
+ int nvararg = cast_int(ci->u.l.base - ci->func) - nparams;
|
||||
+ if (n <= -nvararg)
|
||||
return NULL; /* no such vararg */
|
||||
else {
|
||||
- *pos = ci->func + nparams + n;
|
||||
+ *pos = ci->func + nparams - n;
|
||||
return "(*vararg)"; /* generic name for any vararg */
|
||||
}
|
||||
}
|
||||
@@ -148,7 +149,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n,
|
||||
StkId base;
|
||||
if (isLua(ci)) {
|
||||
if (n < 0) /* access to vararg values? */
|
||||
- return findvararg(ci, -n, pos);
|
||||
+ return findvararg(ci, n, pos);
|
||||
else {
|
||||
base = ci->u.l.base;
|
||||
name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));
|
||||
|
||||
10
lua.spec
10
lua.spec
@ -6,7 +6,7 @@
|
||||
|
||||
Name: lua
|
||||
Version: 5.3.5
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: A powerful, efficient, lightweight, embeddable scripting language
|
||||
License: MIT
|
||||
URL: http://www.lua.org/
|
||||
@ -26,6 +26,7 @@ Patch3: lua-5.3.0-configure-compat-module.patch
|
||||
|
||||
#Patch for cves
|
||||
Patch6000: lua-CVE-2019-6706.patch
|
||||
Patch6001: CVE-2020-24370.patch
|
||||
|
||||
BuildRequires: automake autoconf libtool readline-devel ncurses-devel
|
||||
|
||||
@ -63,6 +64,7 @@ sed -i 's|5.3.0|%{version}|g' configure.ac
|
||||
autoreconf -ifv
|
||||
|
||||
%patch6000 -p1
|
||||
%patch6001 -p1
|
||||
|
||||
%build
|
||||
%configure --with-readline --with-compat-module
|
||||
@ -133,6 +135,12 @@ LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{_bindir}/lua -e"_U=
|
||||
%{_mandir}/man1/lua*.1*
|
||||
|
||||
%changelog
|
||||
* Fri Sep 20 2024 zhuofeng <zhuofeng2@huawei.com> - 5.3.5-5
|
||||
- Type:CVE
|
||||
- CVE:CVE-2020-24370
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2020-24370
|
||||
|
||||
* Fri Oct 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 5.3.5-4
|
||||
- Package rebuild
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user