File CVE-2020-11722.patch of Package crawl
Fix CVE-2020-11722, which affects versions before 0.25
Contains upstream commits 768f60da87a3fa0b5561da5ade9309577c176d04 and fc522ff6eb1bbb85e3de60c60a45762571e48c28
diff -Nur stone_soup-0.24.0/source/clua.cc new/source/clua.cc
--- stone_soup-0.24.0/source/clua.cc 2019-04-21 07:54:24.000000000 +0200
+++ new/source/clua.cc 2020-04-14 13:38:19.579713046 +0200
@@ -315,6 +315,9 @@
while (!f.eof())
script += f.get_line() + "\n";
+ if (script[0] == 0x1b)
+ abort();
+
// prefixing with @ stops lua from adding [string "%s"]
return luaL_loadbuffer(ls, &script[0], script.length(),
("@" + file).c_str());
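Review bot: The added guard compares against the bare literal `0x1b` and calls `abort()` with no message, so neither a maintainer nor a user whose script is rejected learns why. `0x1b` is the first byte of Lua's precompiled-chunk header, which `lua.h` exposes as `LUA_SIGNATURE`, so `if (script[0] == LUA_SIGNATURE[0])` with a comment such as `// refuse precompiled chunks (CVE-2020-11722): Lua does not verify bytecode on load` would state the intent. This function already returns the `luaL_loadbuffer` status, so pushing an error string and returning a load error may be preferable to ending the process, provided the callers outside this hunk handle it. The same literal and `abort()` recur in `lua_loadstring` in the next hunk, and the enclosing function here begins before the hunk.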
@@ -729,6 +732,20 @@
return !err;
}
+static int lua_loadstring(lua_State *ls)
+{
+ const auto lua = luaL_checkstring(ls, 1);
+ if (lua[0] == 0x1b)
+ abort();
+ lua_settop(ls, 0);
+ if (luaL_loadstring(ls, lua))
+ {
+ lua_pushnil(ls);
+ lua_insert(ls, 1);
+ }
+ return lua_gettop(ls);
+}
+
void CLua::init_lua()
{
if (_state)
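Review bot: In `lua_loadstring`, `lua_settop(ls, 0)` removes the argument from the stack before `luaL_loadstring(ls, lua)` reads it, so `lua` may point at a string the collector is free to reclaim. The Lua manual only guarantees a pointer from `luaL_checkstring` while the value stays on the stack, and the parser allocates, so a collection during the load could leave the parser reading freed memory if nothing else references the string. Keeping the source in slot 1 until the load finishes avoids this while returning the same values (the chunk, or nil plus the message). The replacement also ignores the optional chunk-name argument that the stock `loadstring` accepts, which is worth a comment if intentional.

```cpp
static int lua_loadstring(lua_State *ls)
{
    const auto lua = luaL_checkstring(ls, 1);
    // ... unchanged: precompiled-chunk signature check ...
    lua_settop(ls, 1); // keep the source string anchored while it is parsed
    if (luaL_loadstring(ls, lua))
    {
        lua_pushnil(ls);
        lua_insert(ls, -2); // stack: source, nil, error message
        return 2;
    }
    return 1; // the compiled chunk
}
```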
@@ -751,6 +768,11 @@
lua_stack_cleaner clean(_state);
+ lua_pushcfunction(_state, lua_loadstring);
+ lua_setglobal(_state, "loadstring");
+ lua_pushnil(_state);
+ lua_setglobal(_state, "load");
+
lua_atpanic(_state, _clua_panic);
#ifdef CLUA_UNRESTRICTED_LIBS
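Review bot: The `loadstring` and `load` overrides are installed before `lua_atpanic` and before the `#ifdef CLUA_UNRESTRICTED_LIBS` block that follows. If that block opens the base library (via `luaL_openlibs` or `luaopen_base`, not visible in this hunk), it would register the stock `load` and `loadstring` again and silently undo both overrides. Please confirm the order, and if so move these four lines to after library setup with a comment such as `// must run after the base library is opened, which would otherwise restore load/loadstring`. `CLua::init_lua` continues past the end of the hunk.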