Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP2
crawl
CVE-2020-11722.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2020-11722.patch of Package crawl
Fix CVE CVE-2020-11722 before version 0.25 Contains upstream commits 768f60da87a3fa0b5561da5ade9309577c176d04 and fc522ff6eb1bbb85e3de60c60a45762571e48c28 diff -Nur stone_soup-0.24.0/source/clua.cc new/source/clua.cc --- stone_soup-0.24.0/source/clua.cc 2019-04-21 07:54:24.000000000 +0200 +++ new/source/clua.cc 2020-04-14 13:38:19.579713046 +0200 @@ -315,6 +315,9 @@ while (!f.eof()) script += f.get_line() + "\n"; + if (script[0] == 0x1b) + abort(); + // prefixing with @ stops lua from adding [string "%s"] return luaL_loadbuffer(ls, &script[0], script.length(), ("@" + file).c_str()); @@ -729,6 +732,20 @@ return !err; } +static int lua_loadstring(lua_State *ls) +{ + const auto lua = luaL_checkstring(ls, 1); + if (lua[0] == 0x1b) + abort(); + lua_settop(ls, 0); + if (luaL_loadstring(ls, lua)) + { + lua_pushnil(ls); + lua_insert(ls, 1); + } + return lua_gettop(ls); +} + void CLua::init_lua() { if (_state) @@ -751,6 +768,11 @@ lua_stack_cleaner clean(_state); + lua_pushcfunction(_state, lua_loadstring); + lua_setglobal(_state, "loadstring"); + lua_pushnil(_state); + lua_setglobal(_state, "load"); + lua_atpanic(_state, _clua_panic); #ifdef CLUA_UNRESTRICTED_LIBS
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor