44 lines
1.3 KiB
Diff
44 lines
1.3 KiB
Diff
From fe8de4313f85e0f8af2eff1f78b52cfe56fb4c71 Mon Sep 17 00:00:00 2001
|
|
From: Oran Agra <oran@redislabs.com>
|
|
Date: Wed, 2 Oct 2024 19:54:06 +0300
|
|
Subject: [PATCH] Fix lua bit.tohex (CVE-2024-31449)
|
|
|
|
INT_MIN value must be explicitly checked, and cannot be negated.
|
|
---
|
|
deps/lua/src/lua_bit.c | 1 +
|
|
tests/unit/scripting.tcl | 6 ++++++
|
|
2 files changed, 7 insertions(+)
|
|
|
|
diff --git a/deps/lua/src/lua_bit.c b/deps/lua/src/lua_bit.c
|
|
index 690df7d..a459ca9 100644
|
|
--- a/deps/lua/src/lua_bit.c
|
|
+++ b/deps/lua/src/lua_bit.c
|
|
@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L)
|
|
const char *hexdigits = "0123456789abcdef";
|
|
char buf[8];
|
|
int i;
|
|
+ if (n == INT32_MIN) n = INT32_MIN+1;
|
|
if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
|
|
if (n > 8) n = 8;
|
|
for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
|
|
diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
|
|
index d747fa6..a7e1e9e 100644
|
|
--- a/tests/unit/scripting.tcl
|
|
+++ b/tests/unit/scripting.tcl
|
|
@@ -459,6 +459,12 @@ start_server {tags {"scripting"}} {
|
|
set e
|
|
} {*ERR*attempted to create global*}
|
|
|
|
+ test {lua bit.tohex bug} {
|
|
+ set res [run_script {return bit.tohex(65535, -2147483648)} 0]
|
|
+ r ping
|
|
+ set res
|
|
+ } {0000FFFF}
|
|
+
|
|
test {Test an example script DECR_IF_GT} {
|
|
set decr_if_gt {
|
|
local current
|
|
--
|
|
2.33.0
|
|
|