hlua_ctx_renew() is called from unsafe places where the caller doesn't
expect it to LJMP. However, hlua_ctx_renew() makes use of Lua library
functions that could potentially raise errors, such as lua_newthread(),
and it does nothing to catch errors. Because of this, haproxy could
unexpectedly crash. This was discovered and reported by GH user
@JB0925 on #2745.
To fix the issue, let's simply make hlua_ctx_renew() safe by applying
the same logic implemented for hlua_ctx_init() or hlua_ctx_destroy(),
which is catching Lua errors by leveraging the SET_SAFE_LJMP_PARENT() helper.
It should be backported to all stable versions.
lua_State *T;
int new_ref;
+ if (!SET_SAFE_LJMP_PARENT(lua))
+ return 0;
+
/* New Lua coroutine. */
T = lua_newthread(hlua_states[lua->state_id]);
- if (!T)
+ if (!T) {
+ RESET_SAFE_LJMP_PARENT(lua);
return 0;
+ }
/* Copy last error message. */
if (keep_msg)
lua->T = T;
lua->Tref = luaL_ref(hlua_states[lua->state_id], LUA_REGISTRYINDEX);
+ RESET_SAFE_LJMP_PARENT(lua);
+
/* Set context. */
hlua_sethlua(lua);
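Review bot: lua->T = T is assigned before luaL_ref() near the end of the function, so if luaL_ref() raises and the error is caught through the SET_SAFE_LJMP_PARENT() check added at the top, the function returns 0 with lua->T already pointing at the new coroutine while lua->Tref has not been updated. Consider taking the reference into a local first and assigning lua->T and lua->Tref together once nothing can raise, or document that callers must treat the context as unusable after a 0 return. Separately, hlua_sethlua(lua) now runs after RESET_SAFE_LJMP_PARENT(lua); a short comment stating that it cannot raise would make that placement clearly intentional. The 0 returned on a caught error is also indistinguishable from the lua_newthread() failure return, which is fine if callers handle both the same way, but worth a line in the function's header comment.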