fix CVE-2021-43519 patch error
This commit is contained in:
shixuantong
parent
0ddcdf1bea
commit
937bcad33b
@ -7,41 +7,14 @@ Subject: [PATCH] Bug: C stack overflow with coroutines
|
||||
continuing execution after a protected error (that is,
|
||||
while running 'precover').
|
||||
---
|
||||
src/ldo.c | 6 ++++--
|
||||
testes/cstack.lua | 14 ++++++++++++++
|
||||
lua-5.4.3-tests/cstack.lua | 14 ++++++++++++++
|
||||
src/ldo.c | 6 ++++--
|
||||
2 files changed, 18 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/ldo.c b/src/ldo.c
|
||||
index d0edc8b4f..66f890364 100644
|
||||
--- a/src/ldo.c
|
||||
+++ b/src/ldo.c
|
||||
@@ -759,11 +759,10 @@ static void resume (lua_State *L, void *ud) {
|
||||
StkId firstArg = L->top - n; /* first argument */
|
||||
CallInfo *ci = L->ci;
|
||||
if (L->status == LUA_OK) /* starting a coroutine? */
|
||||
- ccall(L, firstArg - 1, LUA_MULTRET, 1); /* just call its body */
|
||||
+ ccall(L, firstArg - 1, LUA_MULTRET, 0); /* just call its body */
|
||||
else { /* resuming from previous yield */
|
||||
lua_assert(L->status == LUA_YIELD);
|
||||
L->status = LUA_OK; /* mark that it is running (again) */
|
||||
- luaE_incCstack(L); /* control the C stack */
|
||||
if (isLua(ci)) { /* yielded inside a hook? */
|
||||
L->top = firstArg; /* discard arguments */
|
||||
luaV_execute(L, ci); /* just continue running Lua code */
|
||||
@@ -814,6 +813,9 @@ LUA_API int lua_resume (lua_State *L, lua_State *from, int nargs,
|
||||
else if (L->status != LUA_YIELD) /* ended with errors? */
|
||||
return resume_error(L, "cannot resume dead coroutine", nargs);
|
||||
L->nCcalls = (from) ? getCcalls(from) : 0;
|
||||
+ if (getCcalls(L) >= LUAI_MAXCCALLS)
|
||||
+ return resume_error(L, "C stack overflow", nargs);
|
||||
+ L->nCcalls++;
|
||||
luai_userstateresume(L, nargs);
|
||||
api_checknelems(L, (L->status == LUA_OK) ? nargs + 1 : nargs);
|
||||
status = luaD_rawrunprotected(L, resume, &nargs);
|
||||
diff --git a/testes/cstack.lua b/testes/cstack.lua
|
||||
index 213d15d47..ca76c8729 100644
|
||||
--- a/testes/cstack.lua
|
||||
+++ b/testes/cstack.lua
|
||||
diff --git a/lua-5.4.3-tests/cstack.lua b/lua-5.4.3-tests/cstack.lua
|
||||
index 213d15d..ca76c87 100644
|
||||
--- a/lua-5.4.3-tests/cstack.lua
|
||||
+++ b/lua-5.4.3-tests/cstack.lua
|
||||
@@ -103,6 +103,20 @@ do
|
||||
end
|
||||
|
||||
@ -63,3 +36,33 @@ index 213d15d47..ca76c8729 100644
|
||||
if T then
|
||||
print("testing stack recovery")
|
||||
local N = 0 -- trace number of calls
|
||||
diff --git a/src/ldo.c b/src/ldo.c
|
||||
index 7135079..ca558fd 100644
|
||||
--- a/src/ldo.c
|
||||
+++ b/src/ldo.c
|
||||
@@ -728,11 +728,10 @@ static void resume (lua_State *L, void *ud) {
|
||||
StkId firstArg = L->top - n; /* first argument */
|
||||
CallInfo *ci = L->ci;
|
||||
if (L->status == LUA_OK) /* starting a coroutine? */
|
||||
- ccall(L, firstArg - 1, LUA_MULTRET, 1); /* just call its body */
|
||||
+ ccall(L, firstArg - 1, LUA_MULTRET, 0); /* just call its body */
|
||||
else { /* resuming from previous yield */
|
||||
lua_assert(L->status == LUA_YIELD);
|
||||
L->status = LUA_OK; /* mark that it is running (again) */
|
||||
- luaE_incCstack(L); /* control the C stack */
|
||||
if (isLua(ci)) { /* yielded inside a hook? */
|
||||
L->top = firstArg; /* discard arguments */
|
||||
luaV_execute(L, ci); /* just continue running Lua code */
|
||||
@@ -783,6 +782,9 @@ LUA_API int lua_resume (lua_State *L, lua_State *from, int nargs,
|
||||
else if (L->status != LUA_YIELD) /* ended with errors? */
|
||||
return resume_error(L, "cannot resume dead coroutine", nargs);
|
||||
L->nCcalls = (from) ? getCcalls(from) : 0;
|
||||
+ if (getCcalls(L) >= LUAI_MAXCCALLS)
|
||||
+ return resume_error(L, "C stack overflow", nargs);
|
||||
+ L->nCcalls++;
|
||||
luai_userstateresume(L, nargs);
|
||||
api_checknelems(L, (L->status == LUA_OK) ? nargs + 1 : nargs);
|
||||
status = luaD_rawrunprotected(L, resume, &nargs);
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
|
||||
7
lua.spec
7
lua.spec
@ -6,7 +6,7 @@
|
||||
|
||||
Name: lua
|
||||
Version: 5.4.3
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: A powerful, efficient, lightweight, embeddable scripting language
|
||||
License: MIT
|
||||
URL: http://www.lua.org/
|
||||
@ -56,6 +56,8 @@ mv src/luaconf.h src/luaconf.h.template.in
|
||||
%patch1 -p1 -z .idsize
|
||||
%patch2 -p1 -z .configure-linux
|
||||
%patch3 -p1 -z .configure-compat-all
|
||||
%patch6000 -p1
|
||||
|
||||
# Put proper version in configure.ac, patch0 hardcodes 5.3.0
|
||||
sed -i 's|5.3.0|%{version}|g' configure.ac
|
||||
autoreconf -ifv
|
||||
@ -129,6 +131,9 @@ LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} $RPM_BUILD_ROOT/%{_bindir}/lua -e"_U=
|
||||
%{_mandir}/man1/lua*.1*
|
||||
|
||||
%changelog
|
||||
* Thu Apr 14 2022 shixuantong <shixuantong@h-partners.com> - 5.4.3-5
|
||||
- fix CVE-2021-43519 patch error
|
||||
|
||||
* Fri Apr 01 2022 shixuantong <shixuantong@h-partners.com> - 5.4.3-4
|
||||
- fix CVE-2021-43519
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user