-rw-r--r-- | meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch | 32 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/lua/lua_5.3.4.bb | 1 |
2 files changed, 33 insertions, 0 deletions
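--- /dev/null
+++ b/meta-oe/recipes-devtools/lua/lua/CVE-2019-6706.patch
@@ -0,0 +1,32 @@
+CVE-2019-6706: use-after-free in lua_upvaluejoin function
+
+Upstream-Status: Backport
+http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html
+CVE: CVE-2019-6706
+Affects < 5.3.5
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: lua-5.3.4/src/lapi.c
+===================================================================
+--- lua-5.3.4.orig/src/lapi.c
++++ lua-5.3.4/src/lapi.c
+@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State *
+
+LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
+int fidx2, int n2) {
+- LClosure *f1;
+- UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */
+UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
++ if (*up1 == *up2) return; /* Already joined */
++ (*up2)->refcount++;
++ if (upisopen(*up2)) (*up2)->u.open.touched = 1;
++ luaC_upvalbarrier(L, *up2);
+luaC_upvdeccount(L, *up1);
+*up1 = *up2;
+- (*up1)->refcount++;
+- if (upisopen(*up1)) (*up1)->u.open.touched = 1;
+- luaC_upvalbarrier(L, *up1);
+}
+
+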
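Review bot: The move of `(*up2)->refcount++` ahead of `luaC_upvdeccount(L, *up1)` in lua_upvaluejoin carries no comment explaining that the order matters, and the only hint at the same-upvalue case is the terse `/* Already joined */`. As far as the visible lines show, the early return and the reordering each keep the upvalue from being released while it is still about to be referenced, so a comment such as `/* take the new reference before releasing the old one: if both slots share one upvalue it must not be freed here */` would stop a later cleanup from undoing either. Separately, `Upstream-Status: Backport` cites a mailing-list thread rather than an upstream commit or release, so this page alone does not show that the code matches the upstream fix; naming that source in the header would make it checkable.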
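--- a/meta-oe/recipes-devtools/lua/lua_5.3.4.bb
+++ b/meta-oe/recipes-devtools/lua/lua_5.3.4.bb
@@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/"
 DEPENDS = "readline"
 SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
 file://lua.pc.in \
+file://CVE-2019-6706.patch \
 "
 SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', \
 'http://www.lua.org/tests/lua-${PV}-tests.tar.gz;name=tarballtest \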