summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWenzong Fan <wenzong.fan@windriver.com>2017-10-16 02:31:32 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-10-16 23:52:44 +0100
commit55db269ae9a5a334e3d98e9b63ee5d78c562609a (patch)
tree058210c75d15f59926e157f5ee21dc4d627e2778
parent885fd98f0cb80973122a9a9589d318e855ff8615 (diff)
downloadpoky-55db269ae9a5a334e3d98e9b63ee5d78c562609a.tar.gz
sqlite3: fix CVE-2017-13685
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. Backport patch to fix the issue. Some references: https://sqlite.org/src/info/02f0f4c54f2819b3 http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html (From OE-Core rev: 9b9f566d2042f2b393de88506d2da964bc4d17b0) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch57
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.20.0.bb1
2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch
new file mode 100644
index 0000000000..aac428c821
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch
@@ -0,0 +1,57 @@
1Fix CVE-2017-13685
2
3The dump_callback function in SQLite 3.20.0 allows remote attackers to
4cause a denial of service (EXC_BAD_ACCESS and application crash) via a
5crafted file.
6
7References:
8https://sqlite.org/src/info/02f0f4c54f2819b3
9http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
10
11Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149]
12
13CVE: CVE-2017-13685
14
15Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
16
17Index: src/shell.c
18==================================================================
19--- src/shell.c
20+++ src/shell.c
21@@ -2657,10 +2657,11 @@
22 int *aiType /* Column types */
23 ){
24 int i;
25 ShellState *p = (ShellState*)pArg;
26
27+ if( azArg==0 ) return 0;
28 switch( p->cMode ){
29 case MODE_Line: {
30 int w = 5;
31 if( azArg==0 ) break;
32 for(i=0; i<nArg; i++){
33@@ -3007,10 +3008,11 @@
34 */
35 static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){
36 ShellText *p = (ShellText*)pArg;
37 int i;
38 UNUSED_PARAMETER(az);
39+ if( azArg==0 ) return 0;
40 if( p->n ) appendText(p, "|", 0);
41 for(i=0; i<nArg; i++){
42 if( i ) appendText(p, ",", 0);
43 if( azArg[i] ) appendText(p, azArg[i], 0);
44 }
45@@ -3888,11 +3890,11 @@
46 const char *zType;
47 const char *zSql;
48 ShellState *p = (ShellState *)pArg;
49
50 UNUSED_PARAMETER(azNotUsed);
51- if( nArg!=3 ) return 1;
52+ if( nArg!=3 || azArg==0 ) return 0;
53 zTable = azArg[0];
54 zType = azArg[1];
55 zSql = azArg[2];
56
57 if( strcmp(zTable, "sqlite_sequence")==0 ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
index 417c36202d..e50825833e 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
5 5
6SRC_URI = "\ 6SRC_URI = "\
7 http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \ 7 http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \
8 file://sqlite3-fix-CVE-2017-13685.patch \
8 " 9 "
9SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d" 10SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"
10SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0" 11SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"