Author: jtn
Date: Sat Dec 6 13:46:34 2014
New Revision: 27194
URL: http://svn.gna.org/viewcvs/freeciv?rev=27194&view=rev
Log:
Fix stack overflow in embedded Lua's vararg functions (CVE-2014-5461).
Patch comes from the Debian Lua package (5.1.5-4+deb7u1), with author shown as Enrico Tassi (gareuselesi...@debian.org). See gna bug #23031. Modified: branches/S2_4/dependencies/lua-5.1/Version branches/S2_4/dependencies/lua-5.1/src/ldo.c Modified: branches/S2_4/dependencies/lua-5.1/Version URL: http://svn.gna.org/viewcvs/freeciv/branches/S2_4/dependencies/lua-5.1/Version?rev=27194&r1=27193&r2=27194&view=diff ============================================================================== --- branches/S2_4/dependencies/lua-5.1/Version (original) +++ branches/S2_4/dependencies/lua-5.1/Version Sat Dec 6 13:46:34 2014 @@ -1,6 +1,8 @@ Sources here are from lua-5.1.5 (http://www.lua.org/ftp/lua-5.1.5.tar.gz) All applicable official lua.org patches, as of 05-Aug-13, have been applied. That is patch 2. +A patch is also included for CVE-2014-5461, originating from Debian +(from lua5.1 5.1.5-4+deb7u1, author shown as Enrico Tassi). Not entire lua distribution directory hierarchy is included here, and some files needed for Freeciv usage have been added. Modified: branches/S2_4/dependencies/lua-5.1/src/ldo.c URL: http://svn.gna.org/viewcvs/freeciv/branches/S2_4/dependencies/lua-5.1/src/ldo.c?rev=27194&r1=27193&r2=27194&view=diff ============================================================================== --- branches/S2_4/dependencies/lua-5.1/src/ldo.c (original) +++ branches/S2_4/dependencies/lua-5.1/src/ldo.c Sat Dec 6 13:46:34 2014 @@ -274,7 +274,7 @@ CallInfo *ci; StkId st, base; Proto *p = cl->p; - luaD_checkstack(L, p->maxstacksize); + luaD_checkstack(L, p->maxstacksize + p->numparams); func = restorestack(L, funcr); if (!p->is_vararg) { /* no varargs? */ base = func + 1; _______________________________________________ Freeciv-commits mailing list Freeciv-commits@gna.org https://mail.gna.org/listinfo/freeciv-commits
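Review bot: In the Version hunk, the two added lines name the Debian package version and author but give no pointer to where the patch can be found. The commit log cites gna bug #23031; repeating that reference in the Version note would let someone re-vendoring Lua trace the change from the tree alone, without the commit history.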
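Review bot: In the ldo.c hunk (line 277), the changed `luaD_checkstack(L, p->maxstacksize + p->numparams);` call carries no comment explaining why `p->numparams` is added, so the reason for the extra slots lives only in the commit log. A one-line comment tying it to the vararg case and CVE-2014-5461 would help keep a later Lua resync from silently reverting it. The call also sits before the `if (!p->is_vararg)` test, so the larger reservation applies to non-vararg functions as well; that errs on the safe side, but the comment should say it is intentional.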