openwrt/package/utils/lua/patches-host/013-lnum-strtoul-parsing-fixes.patch
Rosen Penev 78b0106f7d
lua: fix CVE-2014-5461
Patch taken from Debian.

Refresh patches

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2024-02-17 01:55:21 +01:00

42 lines
1.2 KiB
Diff

--- a/src/lnum.c
+++ b/src/lnum.c
@@ -127,6 +127,8 @@ static int luaO_str2i (const char *s, lu
#else
return 0; /* Reject the number */
#endif
+ } else if (v > LUA_INTEGER_MAX) {
+ return TK_NUMBER;
}
} else if ((v > LUA_INTEGER_MAX) || (*endptr && (!isspace(*endptr)))) {
return TK_NUMBER; /* not in signed range, or has '.', 'e' etc. trailing */
@@ -310,3 +312,13 @@ int try_unmint( lua_Integer *r, lua_Inte
return 0;
}
+#ifdef LONG_OVERFLOW_LUA_INTEGER
+unsigned LUA_INTEGER lua_str2ul( const char *str, char **endptr, int base ) {
+ unsigned long v= strtoul(str, endptr, base);
+ if ( v > LUA_INTEGER_MAX ) {
+ errno= ERANGE;
+ v= ULONG_MAX;
+ }
+ return (unsigned LUA_INTEGER)v;
+}
+#endif
--- a/src/lnum_config.h
+++ b/src/lnum_config.h
@@ -141,7 +141,12 @@
#endif
#ifndef lua_str2ul
-# define lua_str2ul (unsigned LUA_INTEGER)strtoul
+# if LONG_MAX > LUA_INTEGER_MAX
+# define LONG_OVERFLOW_LUA_INTEGER
+ unsigned LUA_INTEGER lua_str2ul( const char *str, char **endptr, int base );
+# else
+# define lua_str2ul (unsigned LUA_INTEGER)strtoul
+# endif
#endif
#ifndef LUA_INTEGER_MIN
# define LUA_INTEGER_MIN (-LUA_INTEGER_MAX -1) /* -2^16|32 */