Skip to content

Commit

Permalink
LUA: Backport CVE-2020-24370's patch
Browse files Browse the repository at this point in the history
CVE-2020-24370 is a security vulnerability in lua. Although the CVE
description in CVE-2020-24370 said that this CVE only affected lua
5.4.0, according to lua this CVE actually existed since lua 5.2. The
root cause of this CVE is the negation overflow that occurs when you
try to take the negative of 0x80000000. Thus, this CVE also exists in
openzfs. Try to backport the fix to the lua in openzfs since the
original fix is for 5.4 and several functions have been changed.

GHSA-gfr4-c37g-mm3v
https://nvd.nist.gov/vuln/detail/CVE-2020-24370
https://www.lua.org/bugs.html#5.4.0-11
lua/lua@a585eae

Reviewed-by: Tony Hutter <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: ChenHao Lu <[email protected]>
Closes #15847
  • Loading branch information
the-Chain-Warden-thresh authored and tonyhutter committed Feb 8, 2024
1 parent 1408531 commit 9342c46
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions module/lua/ldebug.c
Original file line number Diff line number Diff line change
Expand Up @@ -112,10 +112,11 @@ static const char *upvalname (Proto *p, int uv) {

static const char *findvararg (CallInfo *ci, int n, StkId *pos) {
int nparams = clLvalue(ci->func)->p->numparams;
if (n >= ci->u.l.base - ci->func - nparams)
int nvararg = cast_int(ci->u.l.base - ci->func) - nparams;
if (n <= -nvararg)
return NULL; /* no such vararg */
else {
*pos = ci->func + nparams + n;
*pos = ci->func + nparams - n;
return "(*vararg)"; /* generic name for any vararg */
}
}
Expand All @@ -127,7 +128,7 @@ static const char *findlocal (lua_State *L, CallInfo *ci, int n,
StkId base;
if (isLua(ci)) {
if (n < 0) /* access to vararg values? */
return findvararg(ci, -n, pos);
return findvararg(ci, n, pos);
else {
base = ci->u.l.base;
name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci));
Expand Down

0 comments on commit 9342c46

Please sign in to comment.