[oe-commits] [meta-openembedded] 05/05: lua: Security fix for CVE-2019-6706

git at git.openembedded.org git at git.openembedded.org
Tue Sep 3 02:55:19 UTC 2019


This is an automated email from the git hooks/post-receive script.

armin_kuster pushed a commit to branch thud-next
in repository meta-openembedded.

commit aaa6eb0bb5da516373aa9e8c1dde8fdf85a54e95
Author: Armin Kuster <akuster808 at gmail.com>
AuthorDate: Fri May 31 18:00:01 2019 -0700

    lua: Security fix for CVE-2019-6706
    
    Source: lua.org
    MR: 97553
    Type: Security Fix
    Disposition: Backport from http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
    ChangeID: c939b7edcb54274ab0aeebcb7e3dc9f17cc09c2d
    Description:
    
    Affects < 5.3.5
    Fixes:
    CVE-2019-6706
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 .../recipes-devtools/lua/lua/CVE-2019-6706.patch   | 32 ++++++++++++++++++++++
 meta-oe/recipes-devtools/lua/lua_5.3.4.bb          |  1 +
 2 files changed, 33 insertions(+)

diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch
new file mode 100644
index 0000000..cfe48af
--- /dev/null
+++ b/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch
@@ -0,0 +1,32 @@
+CVE-2019-6706: use-after-free in lua_upvaluejoin function 
+
+Upstream-Status: Backport
+http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
+CVE: CVE-2019-6706
+Affects < 5.3.5
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+Index: lua-5.3.4/src/lapi.c
+===================================================================
+--- lua-5.3.4.orig/src/lapi.c
++++ lua-5.3.4/src/lapi.c
+@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State *
+ 
+ LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
+                                             int fidx2, int n2) {
+-  LClosure *f1;
+-  UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
++  UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
+   UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
++  if (*up1 == *up2) return; /* Already joined */
++  (*up2)->refcount++;
++  if (upisopen(*up2)) (*up2)->u.open.touched = 1;
++  luaC_upvalbarrier(L, *up2);
+   luaC_upvdeccount(L, *up1);
+   *up1 = *up2;
+-  (*up1)->refcount++;
+-  if (upisopen(*up1)) (*up1)->u.open.touched = 1;
+-  luaC_upvalbarrier(L, *up1);
+ }
+ 
+ 
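Review bot: The `Affects < 5.3.5` line in the patch header looks inconsistent with the public CVE-2019-6706 description, which as far as I recall names Lua 5.3.5 itself as affected. If that is right, the header should read `Affects <= 5.3.5`, and the patch must be carried forward rather than dropped when the recipe is bumped to 5.3.5. In the lapi.c change the statement order is the whole fix, so it deserves a comment above `(*up2)->refcount++;`, for example `/* take the new reference before releasing the old one; luaC_upvdeccount may free the upvalue */`. Passing `NULL` as the last argument of the first `getupvalref` call relies on that helper accepting a null out-pointer; it is defined outside this hunk, so confirm this against the 5.3.4 source.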
diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.4.bb b/meta-oe/recipes-devtools/lua/lua_5.3.4.bb
index 8f4e8fe..978c203 100644
--- a/meta-oe/recipes-devtools/lua/lua_5.3.4.bb
+++ b/meta-oe/recipes-devtools/lua/lua_5.3.4.bb
@@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/"
 DEPENDS = "readline"
 SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
            file://lua.pc.in \
+           file://CVE-2019-6706.patch \
            "
 SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', \
            'http://www.lua.org/tests/lua-${PV}-tests.tar.gz;name=tarballtest \
