From ec1cc520fb262272e8d7f3d829de370272d4fbf5 Mon Sep 17 00:00:00 2001 From: zhuofeng Date: Fri, 20 Sep 2024 15:20:32 +0800 Subject: [PATCH] fix CVE-2020-24370 --- CVE-2020-24370.patch | 37 +++++++++++++++++++++++++++++++++++++ lua.spec | 10 +++++++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 CVE-2020-24370.patch diff --git a/CVE-2020-24370.patch b/CVE-2020-24370.patch new file mode 100644 index 0000000..0f32779 --- /dev/null +++ b/CVE-2020-24370.patch @@ -0,0 +1,37 @@ +From a585eae6e7ada1ca9271607a4f48dfb17868ab7b Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy +Date: Mon, 27 Jul 2020 12:01:38 -0300 +Subject: [PATCH] Fixed bug: Negation overflow in getlocal/setlocal + +--- +src/ldebug.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/ldebug.c b/src/ldebug.c +index e1389296e..bb0e1d4ac 100644 +--- a/src/ldebug.c ++++ b/src/ldebug.c +@@ -133,10 +133,11 @@ static const char *upvalname (Proto *p, int uv) { + + static const char *findvararg (CallInfo *ci, int n, StkId *pos) { + int nparams = clLvalue(ci->func)->p->numparams; +- if (n >= cast_int(ci->u.l.base - ci->func) - nparams) ++ int nvararg = cast_int(ci->u.l.base - ci->func) - nparams; ++ if (n <= -nvararg) + return NULL; /* no such vararg */ + else { +- *pos = ci->func + nparams + n; ++ *pos = ci->func + nparams - n; + return "(*vararg)"; /* generic name for any vararg */ + } + } +@@ -148,7 +149,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n, + StkId base; + if (isLua(ci)) { + if (n < 0) /* access to vararg values? */ +- return findvararg(ci, -n, pos); ++ return findvararg(ci, n, pos); + else { + base = ci->u.l.base; + name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci)); + diff --git a/lua.spec b/lua.spec index 3eba84f..eadca00 100644 --- a/lua.spec +++ b/lua.spec @@ -6,7 +6,7 @@ Name: lua Version: 5.3.5 -Release: 4 +Release: 5 Summary: A powerful, efficient, lightweight, embeddable scripting language License: MIT URL: http://www.lua.org/ @@ -26,6 +26,7 @@ Patch3: lua-5.3.0-configure-compat-module.patch #Patch for cves Patch6000: lua-CVE-2019-6706.patch +Patch6001: CVE-2020-24370.patch BuildRequires: automake autoconf libtool readline-devel ncurses-devel @@ -63,6 +64,7 @@ sed -i 's|5.3.0|%{version}|g' configure.ac autoreconf -ifv %patch6000 -p1 +%patch6001 -p1 %build %configure --with-readline --with-compat-module @@ -133,6 +135,12 @@ LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{_bindir}/lua -e"_U= %{_mandir}/man1/lua*.1* %changelog +* Fri Sep 20 2024 zhuofeng - 5.3.5-5 +- Type:CVE +- CVE:CVE-2020-24370 +- SUG:NA +- DESC:fix CVE-2020-24370 + * Fri Oct 11 2019 openEuler Buildteam - 5.3.5-4 - Package rebuild