From 90e65514dda3994253c1e3007f63da7ace8f6b7b Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Sat, 5 Sep 2020 20:02:54 +0200
Subject: [PATCH] Limit path length passed to C library loader.

---
 src/lib_package.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/lib_package.c b/src/lib_package.c
index a8bdcf17..f5ba3cbc 100644
--- a/src/lib_package.c
+++ b/src/lib_package.c
@@ -208,7 +208,12 @@ static const char *mksymname(lua_State *L, const char *modname,
 
 static int ll_loadfunc(lua_State *L, const char *path, const char *name, int r)
 {
-  void **reg = ll_register(L, path);
+  void **reg;
+  if (strlen(path) >= 4096) {
+    lua_pushliteral(L, "path too long");
+    return PACKAGE_ERR_LIB;
+  }
+  reg = ll_register(L, path);
   if (*reg == NULL) *reg = ll_load(L, path, (*name == '*'));
   if (*reg == NULL) {
     return PACKAGE_ERR_LIB;  /* Unable to load library. */