fix CVE-2020-15890

2021-01-11 20:07:36 +08:00 · 2021-01-11 20:07:36 +08:00 · 3a986fad79
commit 3a986fad79
parent 1ea68d2c58
2 changed files with 32 additions and 1 deletions
--- a/CVE-2020-15890.patch
+++ b/CVE-2020-15890.patch
@ -0,0 +1,27 @@
+From 53f82e6e2e858a0a62fd1a2ff47e9866693382e6 Mon Sep 17 00:00:00 2001
+From: Mike Pall <mike>
+Date: Sun, 12 Jul 2020 14:30:34 +0200
+Subject: [PATCH] Fix frame traversal for __gc handler frames.
+
+Reported by Changochen.
+
+Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
+---
+ src/lj_err.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lj_err.c b/src/lj_err.c
+index caa7487..e3e0c2e 100644
+--- a/src/lj_err.c
+++ b/src/lj_err.c
+@@ -529,6 +529,7 @@ static ptrdiff_t finderrfunc(lua_State *L)
+       if (cframe_canyield(cf)) return 0;
+       if (cframe_errfunc(cf) >= 0)
+ 	return cframe_errfunc(cf);
+      cf = cframe_prev(cf);
+       frame = frame_prevd(frame);
+       break;
+     case FRAME_PCALL:
+-- 
+1.8.3.1
+
--- a/luajit.spec
+++ b/luajit.spec
@ -2,11 +2,12 @@

 Name:           luajit
 Version:        2.1.0
-Release:        0.9beta3
+Release:        1
 Summary:        Just-In-Time Compiler for Lua
 License:        MIT
 URL:            http://luajit.org/
 Source0:        http://luajit.org/download/LuaJIT-2.1.0-beta3.tar.gz
+Patch0:         CVE-2020-15890.patch

 ExclusiveArch:  %{arm} %{ix86} x86_64 %{mips} aarch64

@ -71,5 +72,8 @@ ln -s luajit-2.1.0-beta3 %{buildroot}%{_bindir}/luajit
 %{_mandir}/man1/%{name}.1*

 %changelog
+* Mon Jan 11 2021 zhangatao <zhangtao221@huawei.com> - 2.1.0-1
+- fix CVE-2020-15890
+
 * Sun Mar 15 2020 zhangatao <zhangtao221@huawei.com> - 2.1.0-0.8beta3
 - package init