File: 0008-CVE-2025-49844.patch

From d5728cb5795c966c5b5b1e0f0ac576a7e69af539 Mon Sep 17 00:00:00 2001
From: Mincho Paskalev <minchopaskal@gmail.com>
Date: Mon, 23 Jun 2025 11:41:37 +0300
Subject: [PATCH] Lua script may lead to remote code execution (CVE-2025-49844)

--- redis-8.0.2.orig/deps/lua/src/lparser.c
+++ redis-8.0.2/deps/lua/src/lparser.c
@@ -384,13 +384,17 @@ Proto *luaY_parser (lua_State *L, ZIO *z
   struct LexState lexstate;
   struct FuncState funcstate;
   lexstate.buff = buff;
-  luaX_setinput(L, &lexstate, z, luaS_new(L, name));
+  TString *tname = luaS_new(L, name);
+  setsvalue2s(L, L->top, tname);
+  incr_top(L);
+  luaX_setinput(L, &lexstate, z, tname);
   open_func(&lexstate, &funcstate);
   funcstate.f->is_vararg = VARARG_ISVARARG;  /* main func. is always vararg */
   luaX_next(&lexstate);  /* read first token */
   chunk(&lexstate);
   check(&lexstate, TK_EOS);
   close_func(&lexstate);
+  --L->top;
   lua_assert(funcstate.prev == NULL);
   lua_assert(funcstate.f->nups == 0);
   lua_assert(lexstate.fs == NULL);
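Review bot: The new push of `tname` after `luaS_new` and the matching `--L->top` after `close_func` carry no comment saying why the name has to be anchored, and that is the entire fix: `luaS_new` returns a collectable string that `luaX_setinput` only stores in the lexer state, so a collection triggered during `chunk()` could free it while the lexer still references it (the use-after-free behind CVE-2025-49844), and a future refactor could drop the push as apparently dead stack traffic. Add a why-comment above the push, e.g. `/* anchor the source name on the stack: the lexer keeps a raw pointer to it and the GC may run during parsing (CVE-2025-49844) */`, and `/* pop the anchored source name; balances the push above */` at the `--L->top`. The pop is skipped when a syntax error longjmps out of `chunk()`; that looks harmless because the protected-parser caller restores its saved stack top, but that caller is outside this hunk and is worth confirming. The pop must also stay after `close_func`, which pops the slots `open_func` pushed, so the order here is part of the invariant the comment should state.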