From 31b4e008f13fe00c5619fee06c6502d417448bd5 Mon Sep 17 00:00:00 2001 From: Richard Yao Date: Tue, 27 Sep 2022 19:44:13 -0400 Subject: [PATCH] LUA: Fix CVE-2014-5461 Apply the fix from upstream. http://www.lua.org/bugs.html#5.2.2-1 https://www.opencve.io/cve/CVE-2014-5461 It should be noted that exploiting this requires the `SYS_CONFIG` privilege, and anyone with that privilege likely has other opportunities to do exploits, so it is unlikely that bad actors could exploit this unless system administrators are executing untrusted ZFS Channel Programs. Reviewed-by: Brian Behlendorf Signed-off-by: Richard Yao Closes #13949 --- module/lua/ldo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/lua/ldo.c b/module/lua/ldo.c index b9368d9cea..24677596de 100644 --- a/module/lua/ldo.c +++ b/module/lua/ldo.c @@ -405,7 +405,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) { StkId base; Proto *p = clLvalue(func)->p; n = cast_int(L->top - func) - 1; /* number of real arguments */ - luaD_checkstack(L, p->maxstacksize); + luaD_checkstack(L, p->maxstacksize + p->numparams); for (; n < p->numparams; n++) setnilvalue(L->top++); /* complete missing arguments */ if (!p->is_vararg) {