lua: Security Advisory - lua - CVE-2020-15888

Backport fix from https://github.com/lua/lua.git. Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 698748c1538ed03efbcfdd936cf8317b4f138c29) Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Yue Tao <Yue.Tao@windriver.com> 2020-07-28 10:31:07 -0700
committer: Armin Kuster <akuster808@gmail.com> 2020-07-30 21:29:08 -0700
commit: fae2b902613f0fda14f70cbb1eb4c41e7c0fc9a7 (patch)
tree: d4369cdf5d196f2f320e1fddd86d868b6bd7bc7c
parent: 40f4f3ed5f6f006c05f36f6dd846b788e1ec98fd (diff)
download: meta-openembedded-fae2b902613f0fda14f70cbb1eb4c41e7c0fc9a7.tar.gz
2 files changed, 46 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
new file mode 100644
index 0000000000..60a4125971
--- /dev/null
+++ b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
@@ -0,0 +1,45 @@
+From 6298903e35217ab69c279056f925fb72900ce0b7 Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
+Date: Mon, 6 Jul 2020 12:11:54 -0300
+Subject: [PATCH] Keep minimum size when shrinking a stack
+When shrinking a stack (during GC), do not make it smaller than the
+initial stack size.
+---
+ ldo.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+==== end of original header ====
+CVE: CVE-2020-15888
+Upstream-Status: backport [https://github.com/lua/lua.git]
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+====
+diff --git a/ldo.c b/ldo.c
+index c563b1d9..a89ac010 100644
+--- a/src/ldo.c
+++ b/src/ldo.c
+@@ -220,7 +220,7 @@ static int stackinuse (lua_State *L) {
+ 
+ void luaD_shrinkstack (lua_State *L) {
+   int inuse = stackinuse(L);
+-  int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK;
+  int goodsize = inuse + BASIC_STACK_SIZE;
+   if (goodsize > LUAI_MAXSTACK)
+     goodsize = LUAI_MAXSTACK;  /* respect stack limit */
+   if (L->stacksize > LUAI_MAXSTACK)  /* had been handling stack overflow? */
+@@ -229,8 +229,7 @@ void luaD_shrinkstack (lua_State *L) {
+     luaE_shrinkCI(L);  /* shrink list */
+   /* if thread is currently not handling a stack overflow and its
+      good size is smaller than current size, shrink its stack */
+-  if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) &&
+-      goodsize < L->stacksize)
+  if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize)
+     luaD_reallocstack(L, goodsize);
+   else  /* don't change stack */
+     condmovestack(L,{},{});  /* (change only for debugging) */
+-- 
+2.17.1
diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
index a23a4a5dac..d3461b06de 100644
--- a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
+++ b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
@@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/"
 SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
           file://lua.pc.in \
           file://0001-Allow-building-lua-without-readline-on-Linux.patch \
+           file://CVE-2020-15888.patch \
           "
 # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.
author	Yue Tao <Yue.Tao@windriver.com>	2020-07-28 10:31:07 -0700
committer	Armin Kuster <akuster808@gmail.com>	2020-07-30 21:29:08 -0700
commit	fae2b902613f0fda14f70cbb1eb4c41e7c0fc9a7 (patch)
tree	d4369cdf5d196f2f320e1fddd86d868b6bd7bc7c
parent	40f4f3ed5f6f006c05f36f6dd846b788e1ec98fd (diff)
download	meta-openembedded-fae2b902613f0fda14f70cbb1eb4c41e7c0fc9a7.tar.gz

diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch new file mode 100644 index 0000000000..60a4125971 --- /dev/null +++ b/meta-oe/recipes-devtools/lua/lua/CVE-2020-15888.patch
@@ -0,0 +1,45 @@
		1	From 6298903e35217ab69c279056f925fb72900ce0b7 Mon Sep 17 00:00:00 2001
		2	From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
		3	Date: Mon, 6 Jul 2020 12:11:54 -0300
		4	Subject: [PATCH] Keep minimum size when shrinking a stack
		5
		6	When shrinking a stack (during GC), do not make it smaller than the
		7	initial stack size.
		8	---
		9	ldo.c \| 5 ++---
		10	1 file changed, 2 insertions(+), 3 deletions(-)
		11	==== end of original header ====
		12
		13	CVE: CVE-2020-15888
		14
		15	Upstream-Status: backport [https://github.com/lua/lua.git]
		16
		17	Signed-off-by: Joe Slater <joe.slater@windriver.com>
		18
		19	====
		20	diff --git a/ldo.c b/ldo.c
		21	index c563b1d9..a89ac010 100644
		22	--- a/src/ldo.c
		23	+++ b/src/ldo.c
		24	@@ -220,7 +220,7 @@ static int stackinuse (lua_State *L) {
		25
		26	void luaD_shrinkstack (lua_State *L) {
		27	int inuse = stackinuse(L);
		28	- int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK;
		29	+ int goodsize = inuse + BASIC_STACK_SIZE;
		30	if (goodsize > LUAI_MAXSTACK)
		31	goodsize = LUAI_MAXSTACK; /* respect stack limit */
		32	if (L->stacksize > LUAI_MAXSTACK) /* had been handling stack overflow? */
		33	@@ -229,8 +229,7 @@ void luaD_shrinkstack (lua_State *L) {
		34	luaE_shrinkCI(L); /* shrink list */
		35	/* if thread is currently not handling a stack overflow and its
		36	good size is smaller than current size, shrink its stack */
		37	- if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) &&
		38	- goodsize < L->stacksize)
		39	+ if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize)
		40	luaD_reallocstack(L, goodsize);
		41	else /* don't change stack */
		42	condmovestack(L,{},{}); /* (change only for debugging) */
		43	--
		44	2.17.1
		45


diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb index a23a4a5dac..d3461b06de 100644 --- a/meta-oe/recipes-devtools/lua/lua_5.3.5.bb +++ b/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
@@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/"
7	SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \	7	SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
8	file://lua.pc.in \	8	file://lua.pc.in \
9	file://0001-Allow-building-lua-without-readline-on-Linux.patch \	9	file://0001-Allow-building-lua-without-readline-on-Linux.patch \
		10	file://CVE-2020-15888.patch \
10	"	11	"
11		12
12	# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.	13	# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.