Skip to content


Update Lunacy (i.e. coLunacyDNS) to have CVE-2014-5461 fix
Browse files Browse the repository at this point in the history

* I am not able to actually exploit this issue with the version of Luancy
  (Lua) coLunacyDNS uses
* This issue only affects the relatively new coLunacyDNS server (and may
  not affect it); it does **NOT** affect MaraDNS nor Deadwood
* This would only be an issue on systems where an attacker can somehow
  affect the configuration file coLunacyDNS uses
* The impact surface for this issue is, at worst, very very small

That said, I will be making a MaraDNS 3.5.0021 release with this update
over the next day or two.
  • Loading branch information
Sam Trenholme committed Jul 28, 2021
1 parent 80d994d commit efddb3a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion deadwood-github/lunacy/ldo.c
Expand Up @@ -274,7 +274,7 @@ int luaD_precall (lua_State *L, StkId func, int nresults) {
CallInfo *ci;
StkId st, base;
Proto *p = cl->p;
luaD_checkstack(L, p->maxstacksize);
luaD_checkstack(L, p->maxstacksize + p->numparams);
func = restorestack(L, funcr);
if (!p->is_vararg) { /* no varargs? */
base = func + 1;
Expand Down

0 comments on commit efddb3a

Please sign in to comment.