mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
lua: fix CVE-2022-28805
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. https://nvd.nist.gov/vuln/detail/CVE-2022-28805 (From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e) Signed-off-by: Sana Kazi <sana.kazi@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 91e14d3a8e6e67267047473f5c449f266b44f354) Signed-off-by: Omkar Patil <omkar.patil@kpit.com> Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
committed by
Armin Kuster
parent
a8d82c80a1
commit
abd7cf838d
@@ -0,0 +1,73 @@
|
|||||||
|
From a38684e4cb4e1439e5f2f7370724496d5b363b32 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Steve Sakoman <steve@sakoman.com>
|
||||||
|
Date: Mon, 18 Apr 2022 09:04:08 -1000
|
||||||
|
Subject: [PATCH] lua: fix CVE-2022-28805
|
||||||
|
|
||||||
|
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
|
||||||
|
call, leading to a heap-based buffer over-read that might affect a system that
|
||||||
|
compiles untrusted Lua code.
|
||||||
|
|
||||||
|
https://nvd.nist.gov/vuln/detail/CVE-2022-28805
|
||||||
|
|
||||||
|
(From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e)
|
||||||
|
|
||||||
|
Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
|
||||||
|
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
||||||
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
||||||
|
(cherry picked from commit 91e14d3a8e6e67267047473f5c449f266b44f354)
|
||||||
|
Signed-off-by: Omkar Patil <omkar.patil@kpit.com>
|
||||||
|
---
|
||||||
|
.../lua/lua/CVE-2022-28805.patch | 28 +++++++++++++++++++
|
||||||
|
meta-oe/recipes-devtools/lua/lua_5.3.6.bb | 1 +
|
||||||
|
2 files changed, 29 insertions(+)
|
||||||
|
create mode 100644 meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch
|
||||||
|
|
||||||
|
diff --git a/meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch b/meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..0a21d1ce7
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/meta-oe/recipes-devtools/lua/lua/CVE-2022-28805.patch
|
||||||
|
@@ -0,0 +1,28 @@
|
||||||
|
+From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
|
||||||
|
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
|
||||||
|
+Date: Tue, 15 Feb 2022 12:28:46 -0300
|
||||||
|
+Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
|
||||||
|
+
|
||||||
|
+CVE: CVE-2022-28805
|
||||||
|
+
|
||||||
|
+Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa]
|
||||||
|
+
|
||||||
|
+Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
|
||||||
|
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
||||||
|
+---
|
||||||
|
+ src/lparser.c | 1 +
|
||||||
|
+ 1 files changed, 1 insertions(+)
|
||||||
|
+
|
||||||
|
+diff --git a/src/lparser.c b/src/lparser.c
|
||||||
|
+index 3abe3d751..a5cd55257 100644
|
||||||
|
+--- a/src/lparser.c
|
||||||
|
++++ b/src/lparser.c
|
||||||
|
+@@ -300,6 +300,7 @@
|
||||||
|
+ expdesc key;
|
||||||
|
+ singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
|
||||||
|
+ lua_assert(var->k != VVOID); /* this one must exist */
|
||||||
|
++ luaK_exp2anyregup(fs, var); /* but could be a constant */
|
||||||
|
+ codestring(ls, &key, varname); /* key is variable name */
|
||||||
|
+ luaK_indexed(fs, var, &key); /* env[varname] */
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
diff --git a/meta-oe/recipes-devtools/lua/lua_5.3.6.bb b/meta-oe/recipes-devtools/lua/lua_5.3.6.bb
|
||||||
|
index 342ed1b54..0137cc3c5 100644
|
||||||
|
--- a/meta-oe/recipes-devtools/lua/lua_5.3.6.bb
|
||||||
|
+++ b/meta-oe/recipes-devtools/lua/lua_5.3.6.bb
|
||||||
|
@@ -10,6 +10,7 @@ SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
|
||||||
|
file://CVE-2020-15888.patch \
|
||||||
|
file://CVE-2020-15945.patch \
|
||||||
|
file://0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch \
|
||||||
|
+ file://CVE-2022-28805.patch \
|
||||||
|
"
|
||||||
|
|
||||||
|
# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
||||||
@@ -0,0 +1,28 @@
|
|||||||
|
From 1f3c6f4534c6411313361697d98d1145a1f030fa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
|
||||||
|
Date: Tue, 15 Feb 2022 12:28:46 -0300
|
||||||
|
Subject: [PATCH] Bug: Lua can generate wrong code when _ENV is <const>
|
||||||
|
|
||||||
|
CVE: CVE-2022-28805
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa]
|
||||||
|
|
||||||
|
Signed-off-by: Sana Kazi <sana.kazi@kpit.com>
|
||||||
|
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
||||||
|
---
|
||||||
|
src/lparser.c | 1 +
|
||||||
|
1 files changed, 1 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/lparser.c b/src/lparser.c
|
||||||
|
index 3abe3d751..a5cd55257 100644
|
||||||
|
--- a/src/lparser.c
|
||||||
|
+++ b/src/lparser.c
|
||||||
|
@@ -300,6 +300,7 @@
|
||||||
|
expdesc key;
|
||||||
|
singlevaraux(fs, ls->envn, var, 1); /* get environment variable */
|
||||||
|
lua_assert(var->k != VVOID); /* this one must exist */
|
||||||
|
+ luaK_exp2anyregup(fs, var); /* but could be a constant */
|
||||||
|
codestring(ls, &key, varname); /* key is variable name */
|
||||||
|
luaK_indexed(fs, var, &key); /* env[varname] */
|
||||||
|
}
|
||||||
|
|
||||||
@@ -10,6 +10,7 @@ SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
|
|||||||
file://CVE-2020-15888.patch \
|
file://CVE-2020-15888.patch \
|
||||||
file://CVE-2020-15945.patch \
|
file://CVE-2020-15945.patch \
|
||||||
file://0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch \
|
file://0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch \
|
||||||
|
file://CVE-2022-28805.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.
|
# if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.
|
||||||
|
|||||||
Reference in New Issue
Block a user