diff options
| author | Richard Yao <[email protected]> | 2022-09-27 19:44:13 -0400 |
|---|---|---|
| committer | Tony Hutter <[email protected]> | 2022-09-27 16:49:02 -0700 |
| commit | c973929b29bb945d1a1fd9f54a5238360f0e1029 (patch) | |
| tree | 3c9a577c5a0dfc69e8dd60c693046c30858b5ed5 /module | |
| parent | 835e03682c22f95a774f1a21d6e96e00f063fef9 (diff) | |
LUA: Fix CVE-2014-5461
Apply the fix from upstream.
http://www.lua.org/bugs.html#5.2.2-1
https://www.opencve.io/cve/CVE-2014-5461
It should be noted that exploiting this requires the `SYS_CONFIG`
privilege, and anyone with that privilege likely has other opportunities
to do exploits, so it is unlikely that bad actors could exploit this
unless system administrators are executing untrusted ZFS Channel
Programs.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Richard Yao <[email protected]>
Closes #13949
Diffstat (limited to 'module')
| -rw-r--r-- | module/lua/ldo.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/module/lua/ldo.c b/module/lua/ldo.c index 08a952007..a9835c4f5 100644 --- a/module/lua/ldo.c +++ b/module/lua/ldo.c @@ -406,7 +406,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) { StkId base; Proto *p = clLvalue(func)->p; n = cast_int(L->top - func) - 1; /* number of real arguments */ - luaD_checkstack(L, p->maxstacksize); + luaD_checkstack(L, p->maxstacksize + p->numparams); for (; n < p->numparams; n++) setnilvalue(L->top++); /* complete missing arguments */ if (!p->is_vararg) { |