lua: fix CVE-2014-5461

[openwrt/staging/jow.git] / package / utils / lua / patches / 013-lnum-strtoul-parsing-fixes.patch

--- a/src/lnum.c
+++ b/src/lnum.c
@@ -127,6 +127,8 @@ static int luaO_str2i (const char *s, lu
 #else
       return 0;  /* Reject the number */
 #endif
+    } else if (v > LUA_INTEGER_MAX) {
+      return TK_NUMBER;
     }
   } else if ((v > LUA_INTEGER_MAX) || (*endptr && (!isspace(*endptr)))) {
     return TK_NUMBER;  /* not in signed range, or has '.', 'e' etc. trailing */
@@ -310,3 +312,13 @@ int try_unmint( lua_Integer *r, lua_Inte
   return 0;
 }
 
+#ifdef LONG_OVERFLOW_LUA_INTEGER
+unsigned LUA_INTEGER lua_str2ul( const char *str, char **endptr, int base ) {
+  unsigned long v= strtoul(str, endptr, base);
+  if ( v > LUA_INTEGER_MAX ) {
+    errno= ERANGE;
+    v= ULONG_MAX;
+  }
+  return (unsigned LUA_INTEGER)v;
+}
+#endif
--- a/src/lnum_config.h
+++ b/src/lnum_config.h
@@ -141,7 +141,12 @@
 #endif
 
 #ifndef lua_str2ul
-# define lua_str2ul (unsigned LUA_INTEGER)strtoul
+# if LONG_MAX > LUA_INTEGER_MAX
+#   define LONG_OVERFLOW_LUA_INTEGER
+    unsigned LUA_INTEGER lua_str2ul( const char *str, char **endptr, int base );
+# else
+#  define lua_str2ul (unsigned LUA_INTEGER)strtoul
+# endif
 #endif
 #ifndef LUA_INTEGER_MIN
 # define LUA_INTEGER_MIN (-LUA_INTEGER_MAX -1)  /* -2^16|32 */