aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorthe-Chain-Warden-thresh <[email protected]>2024-02-08 03:53:05 +0800
committerTony Hutter <[email protected]>2024-02-08 15:22:16 -0800
commitd22bf6a9bd216523e3f58195282be12d9da7fd33 (patch)
treee3ba155ed530ff423b91c4b9a76808074927ad6a /tests
parent40e20d808ce263ac6f62c96a5c9cb10dc4add151 (diff)
LUA: Backport CVE-2020-24370's patch
CVE-2020-24370 is a security vulnerability in lua. Although the CVE description in CVE-2020-24370 said that this CVE only affected lua 5.4.0, according to lua this CVE actually existed since lua 5.2. The root cause of this CVE is the negation overflow that occurs when you try to take the negative of 0x80000000. Thus, this CVE also exists in openzfs. Try to backport the fix to the lua in openzfs since the original fix is for 5.4 and several functions have been changed. https://github.com/advisories/GHSA-gfr4-c37g-mm3v https://nvd.nist.gov/vuln/detail/CVE-2020-24370 https://www.lua.org/bugs.html#5.4.0-11 https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb1786 Reviewed-by: Tony Hutter <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: ChenHao Lu <[email protected]> Closes #15847
Diffstat (limited to 'tests')
0 files changed, 0 insertions, 0 deletions