upstream/redis
1
0
Fork 0
mirror of https://github.com/redis/redis.git synced 2026-06-11 01:40:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Lua script may lead to remote code execution (CVE-2025-49844)

Browse source
This commit is contained in:
Mincho Paskalev 2025-06-23 11:41:37 +03:00 committed by debing.sun
parent 060c6901a3
commit e304356f59
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
deps/lua/src/lparser.c vendored
View file

@ -384,13 +384,17 @@ Proto *luaY_parser (lua_State *L, ZIO *z, Mbuffer *buff, const char *name) {
struct LexState lexstate;
struct FuncState funcstate;
lexstate.buff = buff;
luaX_setinput(L, &lexstate, z, luaS_new(L, name));
TString *tname = luaS_new(L, name);
setsvalue2s(L, L->top, tname);
incr_top(L);
luaX_setinput(L, &lexstate, z, tname);
open_func(&lexstate, &funcstate);
funcstate.f->is_vararg = VARARG_ISVARARG; /* main func. is always vararg */
luaX_next(&lexstate); /* read first token */
chunk(&lexstate);
check(&lexstate, TK_EOS);
close_func(&lexstate);
--L->top;
lua_assert(funcstate.prev == NULL);
lua_assert(funcstate.f->nups == 0);
lua_assert(lexstate.fs == NULL);