[Freeciv-commits] r27194 - in /branches/S2_4/dependencies/lua-5.1: Version src/ldo.c

[0jacobnk . gna]

Author: jtn
Date: Sat Dec  6 13:46:34 2014
New Revision: 27194

URL: http://svn.gna.org/viewcvs/freeciv?rev=27194&view=rev
Log:
Fix stack overflow in embedded Lua's vararg functions (CVE-2014-5461).

Patch comes from the Debian Lua package (5.1.5-4+deb7u1), with author
shown as Enrico Tassi (gareuselesi...@debian.org).

See gna bug #23031.

Modified:
    branches/S2_4/dependencies/lua-5.1/Version
    branches/S2_4/dependencies/lua-5.1/src/ldo.c

Modified: branches/S2_4/dependencies/lua-5.1/Version
URL: 
http://svn.gna.org/viewcvs/freeciv/branches/S2_4/dependencies/lua-5.1/Version?rev=27194&r1=27193&r2=27194&view=diff
==============================================================================
--- branches/S2_4/dependencies/lua-5.1/Version  (original)
+++ branches/S2_4/dependencies/lua-5.1/Version  Sat Dec  6 13:46:34 2014
@@ -1,6 +1,8 @@
 Sources here are from lua-5.1.5 (http://www.lua.org/ftp/lua-5.1.5.tar.gz)
 All applicable official lua.org patches, as of 05-Aug-13, have been applied.
 That is patch 2.
+A patch is also included for CVE-2014-5461, originating from Debian
+(from lua5.1 5.1.5-4+deb7u1, author shown as Enrico Tassi).
 
 Not entire lua distribution directory hierarchy is included here, and
 some files needed for Freeciv usage have been added.

Modified: branches/S2_4/dependencies/lua-5.1/src/ldo.c
URL: 
http://svn.gna.org/viewcvs/freeciv/branches/S2_4/dependencies/lua-5.1/src/ldo.c?rev=27194&r1=27193&r2=27194&view=diff
==============================================================================
--- branches/S2_4/dependencies/lua-5.1/src/ldo.c        (original)
+++ branches/S2_4/dependencies/lua-5.1/src/ldo.c        Sat Dec  6 13:46:34 2014
@@ -274,7 +274,7 @@
     CallInfo *ci;
     StkId st, base;
     Proto *p = cl->p;
-    luaD_checkstack(L, p->maxstacksize);
+    luaD_checkstack(L, p->maxstacksize + p->numparams);
     func = restorestack(L, funcr);
     if (!p->is_vararg) {  /* no varargs? */
       base = func + 1;


_______________________________________________
Freeciv-commits mailing list
Freeciv-commits@gna.org
https://mail.gna.org/listinfo/freeciv-commits