From 919e785f87da9001948a9183c6d65ab3c7f8575d Mon Sep 17 00:00:00 2001
From: DongHun Kwak <dh0128.kwak@samsung.com>
Date: Fri, 12 Oct 2018 10:12:15 +0900
Subject: [PATCH] Security Patch

[Model] All
[BinType] AP
[Customer] OPEN

[Issue#] N/A
[Request] N/A
[Occurrence Version] N/A

[Problem] Request security patch by vd
[Cause & Measure]
[Checking Method] abi checker : pass, unit test : pass

[Team] Open Source Management and Setting Part
[Developer] dh0128.kwak
[Solution company] Samsung
[Change Type] N/A

Change-Id: Ie1a8010e9c9a9e38a28829a3df151cf720aab1a7
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
---
 src/lapi.c    |  8 +++++++-
 src/lauxlib.c | 22 ++++++++++++++++++++--
 src/lauxlib.h |  6 ++++++
 src/ldo.c     | 33 ++++++++++++++++++++++++++++++---
 src/ldo.h     |  2 ++
 src/lua.h     |  3 +++
 6 files changed, 68 insertions(+), 6 deletions(-)

diff --git a/src/lapi.c b/src/lapi.c
index 5d5145d..f6576d8 100644
--- a/src/lapi.c
+++ b/src/lapi.c
@@ -861,12 +861,18 @@ LUA_API int lua_cpcall (lua_State *L, lua_CFunction func, void *ud) {
 
 LUA_API int lua_load (lua_State *L, lua_Reader reader, void *data,
                       const char *chunkname) {
+  return lua_loadEx(L, reader, data, chunkname, NULL);
+}
+
+
+LUA_API int lua_loadEx (lua_State *L, lua_Reader reader, void *data,
+                      const char *chunkname, const char *mode) {
   ZIO z;
   int status;
   lua_lock(L);
   if (!chunkname) chunkname = "?";
   luaZ_init(L, &z, reader, data);
-  status = luaD_protectedparser(L, &z, chunkname);
+  status = luaD_protectedparserEx(L, &z, chunkname, mode);
   lua_unlock(L);
   return status;
 }
diff --git a/src/lauxlib.c b/src/lauxlib.c
index 10f14e2..5545f02 100644
--- a/src/lauxlib.c
+++ b/src/lauxlib.c
@@ -550,6 +550,12 @@ static int errfile (lua_State *L, const char *what, int fnameindex) {
 
 
 LUALIB_API int luaL_loadfile (lua_State *L, const char *filename) {
+  return luaL_loadfileEx(L, filename, NULL);
+}
+
+
+LUALIB_API int luaL_loadfileEx (lua_State *L, const char *filename,
+                                            const char *mode) {
   LoadF lf;
   int status, readstatus;
   int c;
@@ -578,7 +584,7 @@ LUALIB_API int luaL_loadfile (lua_State *L, const char *filename) {
     lf.extraline = 0;
   }
   ungetc(c, lf.f);
-  status = lua_load(L, getF, &lf, lua_tostring(L, -1));
+  status = lua_loadEx(L, getF, &lf, lua_tostring(L, -1), mode);
   readstatus = ferror(lf.f);
   if (filename) fclose(lf.f);  /* close file (even in case of errors) */
   if (readstatus) {
@@ -608,10 +614,16 @@ static const char *getS (lua_State *L, void *ud, size_t *size) {
 
 LUALIB_API int luaL_loadbuffer (lua_State *L, const char *buff, size_t size,
                                 const char *name) {
+  return luaL_loadbufferEx(L, buff, size, name, NULL);
+}
+
+
+LUALIB_API int luaL_loadbufferEx (lua_State *L, const char *buff, size_t size,
+                                const char *name, const char *mode) {
   LoadS ls;
   ls.s = buff;
   ls.size = size;
-  return lua_load(L, getS, &ls, name);
+  return lua_loadEx(L, getS, &ls, name, mode);
 }
 
 
@@ -620,6 +632,12 @@ LUALIB_API int (luaL_loadstring) (lua_State *L, const char *s) {
 }
 
 
+LUALIB_API int (luaL_loadstringEx) (lua_State *L, const char *s,
+                                                const char *mode) {
+  return luaL_loadbufferEx(L, s, strlen(s), s, mode);
+}
+
+
 
 /* }====================================================== */
 
diff --git a/src/lauxlib.h b/src/lauxlib.h
index 3425823..b756f6e 100644
--- a/src/lauxlib.h
+++ b/src/lauxlib.h
@@ -75,9 +75,15 @@ LUALIB_API int (luaL_ref) (lua_State *L, int t);
 LUALIB_API void (luaL_unref) (lua_State *L, int t, int ref);
 
 LUALIB_API int (luaL_loadfile) (lua_State *L, const char *filename);
+LUALIB_API int (luaL_loadfileEx) (lua_State *L, const char *filename,
+                                              const char *mode);
 LUALIB_API int (luaL_loadbuffer) (lua_State *L, const char *buff, size_t sz,
                                   const char *name);
+LUALIB_API int (luaL_loadbufferEx) (lua_State *L, const char *buff, size_t sz,
+                                  const char *name, const char *mode);
 LUALIB_API int (luaL_loadstring) (lua_State *L, const char *s);
+LUALIB_API int (luaL_loadstringEx) (lua_State *L, const char *s,
+                                  const char *mode);
 
 LUALIB_API lua_State *(luaL_newstate) (void);
 
diff --git a/src/ldo.c b/src/ldo.c
index d1bf786..ff9fd9b 100644
--- a/src/ldo.c
+++ b/src/ldo.c
@@ -485,9 +485,20 @@ int luaD_pcall (lua_State *L, Pfunc func, void *u,
 struct SParser {  /* data to `f_parser' */
   ZIO *z;
   Mbuffer buff;  /* buffer to be used by the scanner */
+  const char *mode;
   const char *name;
 };
 
+
+static void checkmode (lua_State *L, const char *mode, const char *x) {
+  if (mode && strchr(mode, x[0]) == NULL) {
+    luaO_pushfstring(L,
+       "attempt to load a %s chunk (mode is " LUA_QS ")", x, mode);
+    luaD_throw(L, LUA_ERRSYNTAX);
+  }
+}
+
+
 static void f_parser (lua_State *L, void *ud) {
   int i;
   Proto *tf;
@@ -495,8 +506,14 @@ static void f_parser (lua_State *L, void *ud) {
   struct SParser *p = cast(struct SParser *, ud);
   int c = luaZ_lookahead(p->z);
   luaC_checkGC(L);
-  tf = ((c == LUA_SIGNATURE[0]) ? luaU_undump : luaY_parser)(L, p->z,
-                                                             &p->buff, p->name);
+  if (c == LUA_SIGNATURE[0]) {
+    checkmode(L, p->mode, "binary");
+    tf = luaU_undump(L, p->z, &p->buff, p->name);
+  }
+  else {
+    checkmode(L, p->mode, "text");
+    tf = luaY_parser(L, p->z, &p->buff, p->name);
+  }
   cl = luaF_newLclosure(L, tf->nups, hvalue(gt(L)));
   cl->l.p = tf;
   for (i = 0; i < tf->nups; i++)  /* initialize eventual upvalues */
@@ -509,11 +526,21 @@ static void f_parser (lua_State *L, void *ud) {
 int luaD_protectedparser (lua_State *L, ZIO *z, const char *name) {
   struct SParser p;
   int status;
-  p.z = z; p.name = name;
+  p.z = z; p.name = name; p.mode = NULL;
   luaZ_initbuffer(L, &p.buff);
   status = luaD_pcall(L, f_parser, &p, savestack(L, L->top), L->errfunc);
   luaZ_freebuffer(L, &p.buff);
   return status;
 }
 
+int luaD_protectedparserEx (lua_State *L, ZIO *z, const char *name,
+                                        const char *mode) {
+  struct SParser p;
+  int status;
+  p.z = z; p.name = name; p.mode = mode;
+  luaZ_initbuffer(L, &p.buff);
+  status = luaD_pcall(L, f_parser, &p, savestack(L, L->top), L->errfunc);
+  luaZ_freebuffer(L, &p.buff);
+  return status;
+}
 
diff --git a/src/ldo.h b/src/ldo.h
index 98fddac..d84bd5f 100644
--- a/src/ldo.h
+++ b/src/ldo.h
@@ -38,6 +38,8 @@
 typedef void (*Pfunc) (lua_State *L, void *ud);
 
 LUAI_FUNC int luaD_protectedparser (lua_State *L, ZIO *z, const char *name);
+LUAI_FUNC int luaD_protectedparserEx (lua_State *L, ZIO *z, const char *name,
+                                                  const char *mode);
 LUAI_FUNC void luaD_callhook (lua_State *L, int event, int line);
 LUAI_FUNC int luaD_precall (lua_State *L, StkId func, int nresults);
 LUAI_FUNC void luaD_call (lua_State *L, StkId func, int nResults);
diff --git a/src/lua.h b/src/lua.h
index a4b73e7..c2b7d82 100644
--- a/src/lua.h
+++ b/src/lua.h
@@ -203,6 +203,9 @@ LUA_API int   (lua_pcall) (lua_State *L, int nargs, int nresults, int errfunc);
 LUA_API int   (lua_cpcall) (lua_State *L, lua_CFunction func, void *ud);
 LUA_API int   (lua_load) (lua_State *L, lua_Reader reader, void *dt,
                                         const char *chunkname);
+LUA_API int   (lua_loadEx) (lua_State *L, lua_Reader reader, void *dt,
+                                        const char *chunkname,
+                                        const char *mode);
 
 LUA_API int (lua_dump) (lua_State *L, lua_Writer writer, void *data);
 
-- 
2.7.4