authorCoprDistGit <infra@openeuler.org>2024-11-01 08:40:22 +0000
committerCoprDistGit <infra@openeuler.org>2024-11-01 08:40:22 +0000
commitf1b1ad7c484d92241c4ae57bc579e33651022412 (patch)
tree50fa81f824beb8087d3852a4382dec52866e6e03 /CVE-2024-31449.patch
parent4d42541db12e6bb7c4199fde46be11cda6345d60 (diff)
automatic import of redisopeneuler24.03_LTS
Diffstat (limited to 'CVE-2024-31449.patch')
-rw-r--r--CVE-2024-31449.patch43
1 files changed, 43 insertions, 0 deletions
diff --git a/CVE-2024-31449.patch b/CVE-2024-31449.patch
new file mode 100644
index 0000000..4fde3b7
--- /dev/null
+++ b/CVE-2024-31449.patch
@@ -0,0 +1,43 @@
+From fe8de4313f85e0f8af2eff1f78b52cfe56fb4c71 Mon Sep 17 00:00:00 2001
+From: Oran Agra <oran@redislabs.com>
+Date: Wed, 2 Oct 2024 19:54:06 +0300
+Subject: [PATCH] Fix lua bit.tohex (CVE-2024-31449)
+
+INT_MIN value must be explicitly checked, and cannot be negated.
+---
+ deps/lua/src/lua_bit.c | 1 +
+ tests/unit/scripting.tcl | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/deps/lua/src/lua_bit.c b/deps/lua/src/lua_bit.c
+index 690df7d..a459ca9 100644
+--- a/deps/lua/src/lua_bit.c
++++ b/deps/lua/src/lua_bit.c
+@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L)
+ const char *hexdigits = "0123456789abcdef";
+ char buf[8];
+ int i;
++ if (n == INT32_MIN) n = INT32_MIN+1;
+ if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
+ if (n > 8) n = 8;
+ for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
+diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
+index d747fa6..a7e1e9e 100644
+--- a/tests/unit/scripting.tcl
++++ b/tests/unit/scripting.tcl
+@@ -459,6 +459,12 @@ start_server {tags {"scripting"}} {
+ set e
+ } {*ERR*attempted to create global*}
+
++ test {lua bit.tohex bug} {
++ set res [run_script {return bit.tohex(65535, -2147483648)} 0]
++ r ping
++ set res
++ } {0000FFFF}
++
+ test {Test an example script DECR_IF_GT} {
+ set decr_if_gt {
+ local current
+--
+2.33.0
+
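Review bot: The guard added to bit_tohex in deps/lua/src/lua_bit.c, `if (n == INT32_MIN) n = INT32_MIN+1;`, has no comment explaining why INT32_MIN is special, so a later cleanup could mistake it for redundant code and drop it. I would put a comment above it such as `/* -INT32_MIN is not representable, so clamp before the negation below; the n > 8 cap then bounds the writes into buf[8] */`. The new test in tests/unit/scripting.tcl is named only "lua bit.tohex bug" and relies on `r ping` as the liveness check; naming the CVE in the test title would make the regression traceable. The declaration of n and the remainder of bit_tohex are outside the hunk's context, so the type of n is inferred from the INT32_MIN comparison and should be confirmed against the full file.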