[Buildroot] [PATCH 1/1] package/lua/5.1.5: add patch for CVE-2014-5461
Thomas Perale
thomas.perale at mind.be
Wed Sep 17 18:53:44 UTC 2025
This CVE is specific to the version 5.1.5 still present in Buildroot.
It has been fixed in 5.2.3 and thereby doesn't affect the other
versions available in Buildroot.
- CVE-2014-5461
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through
5.2.x before 5.2.3 allows context-dependent attackers to cause a denial
of service (crash) via a small number of arguments to a function with a
large number of fixed arguments.
For more information see:
- https://security-tracker.debian.org/tracker/CVE-2014-5461
- https://udd.debian.org/patches.cgi?src=lua5.1&version=5.1.5-11
A patch present in Debian is used to address this vulnerability.
Signed-off-by: Thomas Perale <thomas.perale at mind.be>
---
...x-stack-overflow-in-vararg-functions.patch | 24 +++++++++++++++++++
package/lua/lua.mk | 6 +++++
2 files changed, 30 insertions(+)
create mode 100644 package/lua/5.1.5/0003-Fix-stack-overflow-in-vararg-functions.patch
diff --git a/package/lua/5.1.5/0003-Fix-stack-overflow-in-vararg-functions.patch b/package/lua/5.1.5/0003-Fix-stack-overflow-in-vararg-functions.patch
new file mode 100644
index 0000000000..00142d2338
--- /dev/null
+++ b/package/lua/5.1.5/0003-Fix-stack-overflow-in-vararg-functions.patch
@@ -0,0 +1,24 @@
+From: Enrico Tassi <gareuselesinge at debian.org>
+Date: Tue, 26 Aug 2014 16:20:55 +0200
+Subject: Fix stack overflow in vararg functions
+
+CVE: CVE-2014-5461
+Upstream: https://sources.debian.org/data/main/l/lua5.1/5.1.5-11/debian/patches/0004-Fix-stack-overflow-in-vararg-functions.patch
+Signed-off-by: Thomas Perale <thomas.perale at mind.be>
+---
+ src/ldo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ldo.c b/src/ldo.c
+index d1bf786..30333bf 100644
+--- a/src/ldo.c
++++ b/src/ldo.c
+@@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) {
+ CallInfo *ci;
+ StkId st, base;
+ Proto *p = cl->p;
+- luaD_checkstack(L, p->maxstacksize);
++ luaD_checkstack(L, p->maxstacksize + p->numparams);
+ func = restorestack(L, funcr);
+ if (!p->is_vararg) { /* no varargs? */
+ base = func + 1;
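Review bot: the `+Upstream:` tag in the new patch file header points at the Debian packaging patch rather than at an upstream Lua change; since the cover message states the bug was fixed in 5.2.3, consider also citing the upstream 5.2.3 change next to the Debian URL so the backport's origin is traceable. The one-line change itself, `luaD_checkstack(L, p->maxstacksize + p->numparams);`, reserves `numparams` extra stack slots before the vararg adjustment copies the fixed parameters, which is exactly the case the commit message describes (a call with fewer arguments than fixed parameters), so the fix matches the advisory text.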
diff --git a/package/lua/lua.mk b/package/lua/lua.mk
index 455b7e58b2..269eafe4bb 100644
--- a/package/lua/lua.mk
+++ b/package/lua/lua.mk
@@ -21,6 +21,12 @@ LUA_LICENSE_FILES = COPYRIGHT
endif
LUA_CPE_ID_VENDOR = lua
+ifeq ($(BR2_PACKAGE_LUA_5_1),y)
+# Only affect lua version 5.1.5
+# 5.1.5/0003-Fix-stack-overflow-in-vararg-functions.patch
+LUA_IGNORE_CVES += CVE-2014-5461
+endif
+
LUA_PROVIDES = luainterpreter
LUA_CFLAGS = -Wall -fPIC -DLUA_USE_POSIX
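Review bot: the comment `+# Only affect lua version 5.1.5` should read `# Only affects lua version 5.1.5`, and it would help future readers to say explicitly that the CVE is fixed by the listed patch rather than merely naming the file, e.g. `# Fixed by 5.1.5/0003-Fix-stack-overflow-in-vararg-functions.patch`. Guarding `LUA_IGNORE_CVES += CVE-2014-5461` with `ifeq ($(BR2_PACKAGE_LUA_5_1),y)` is the right scope, since only the 5.1.5 tree receives the patch.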
--
2.39.5