mirror of
https://git.yoctoproject.org/poky
synced 2026-02-10 02:33:02 +01:00
91e14d3a8e
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. https://nvd.nist.gov/vuln/detail/CVE-2022-28805 (From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
27 lines
1002 B
Diff
27 lines
1002 B
Diff
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
|
|
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
|
|
Date: Tue, 15 Feb 2022 12:28:46 -0300
|
|
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
|
|
|
|
CVE: CVE-2022-28805
|
|
|
|
Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa]
|
|
|
|
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
---
|
|
src/lparser.c | 1 +
|
|
1 files changed, 1 insertions(+)
|
|
|
|
diff --git a/src/lparser.c b/src/lparser.c
|
|
index 3abe3d751..a5cd55257 100644
|
|
--- a/src/lparser.c
|
|
+++ b/src/lparser.c
|
|
@@ -468,6 +468,7 @@ static void singlevar (LexState *ls, expdesc *var) {
|
|
expdesc key;
|
|
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
|
|
lua_assert(var->k != VVOID); /* this one must exist */
|
|
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
|
|
codestring(&key, varname); /* key is variable name */
|
|
luaK_indexed(fs, var, &key); /* env[varname] */
|
|
}
|