Skip to content

Commit

Permalink
LUA: Fix CVE-2014-5461
Browse files Browse the repository at this point in the history 
Apply the fix from upstream.

http://www.lua.org/bugs.html#5.2.2-1
https://www.opencve.io/cve/CVE-2014-5461

It should be noted that exploiting this requires the `SYS_CONFIG`
privilege, and anyone with that privilege likely has other opportunities
to do exploits, so it is unlikely that bad actors could exploit this
unless system administrators are executing untrusted ZFS Channel
Programs.

Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
  • Loading branch information
@ryao
ryao committed Sep 24, 2022
1 parent ebe1d03 commit 0c3a6b8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion module/lua/ldo.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -405,7 +405,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) {
StkId base;
Proto *p = clLvalue(func)->p;
n = cast_int(L->top - func) - 1; /* number of real arguments */
luaD_checkstack(L, p->maxstacksize);
luaD_checkstack(L, p->maxstacksize + p->numparams);
for (; n < p->numparams; n++)
setnilvalue(L->top++); /* complete missing arguments */
if (!p->is_vararg) {
Expand Down

0 comments on commit 0c3a6b8

Please sign in to comment.