diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2017-10-16 02:31:32 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-10-16 23:52:44 +0100 |
commit | 55db269ae9a5a334e3d98e9b63ee5d78c562609a (patch) | |
tree | 058210c75d15f59926e157f5ee21dc4d627e2778 | |
parent | 885fd98f0cb80973122a9a9589d318e855ff8615 (diff) | |
download | poky-55db269ae9a5a334e3d98e9b63ee5d78c562609a.tar.gz |
sqlite3: fix CVE-2017-13685
The dump_callback function in SQLite 3.20.0 allows remote attackers to
cause a denial of service (EXC_BAD_ACCESS and application crash) via a
crafted file.
Backport patch to fix the issue. Some references:
https://sqlite.org/src/info/02f0f4c54f2819b3
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
(From OE-Core rev: 9b9f566d2042f2b393de88506d2da964bc4d17b0)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch | 57 | ||||
-rw-r--r-- | meta/recipes-support/sqlite/sqlite3_3.20.0.bb | 1 |
2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch new file mode 100644 index 0000000000..aac428c821 --- /dev/null +++ b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch | |||
@@ -0,0 +1,57 @@ | |||
1 | Fix CVE-2017-13685 | ||
2 | |||
3 | The dump_callback function in SQLite 3.20.0 allows remote attackers to | ||
4 | cause a denial of service (EXC_BAD_ACCESS and application crash) via a | ||
5 | crafted file. | ||
6 | |||
7 | References: | ||
8 | https://sqlite.org/src/info/02f0f4c54f2819b3 | ||
9 | http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html | ||
10 | |||
11 | Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149] | ||
12 | |||
13 | CVE: CVE-2017-13685 | ||
14 | |||
15 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
16 | |||
17 | Index: src/shell.c | ||
18 | ================================================================== | ||
19 | --- src/shell.c | ||
20 | +++ src/shell.c | ||
21 | @@ -2657,10 +2657,11 @@ | ||
22 | int *aiType /* Column types */ | ||
23 | ){ | ||
24 | int i; | ||
25 | ShellState *p = (ShellState*)pArg; | ||
26 | |||
27 | + if( azArg==0 ) return 0; | ||
28 | switch( p->cMode ){ | ||
29 | case MODE_Line: { | ||
30 | int w = 5; | ||
31 | if( azArg==0 ) break; | ||
32 | for(i=0; i<nArg; i++){ | ||
33 | @@ -3007,10 +3008,11 @@ | ||
34 | */ | ||
35 | static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){ | ||
36 | ShellText *p = (ShellText*)pArg; | ||
37 | int i; | ||
38 | UNUSED_PARAMETER(az); | ||
39 | + if( azArg==0 ) return 0; | ||
40 | if( p->n ) appendText(p, "|", 0); | ||
41 | for(i=0; i<nArg; i++){ | ||
42 | if( i ) appendText(p, ",", 0); | ||
43 | if( azArg[i] ) appendText(p, azArg[i], 0); | ||
44 | } | ||
45 | @@ -3888,11 +3890,11 @@ | ||
46 | const char *zType; | ||
47 | const char *zSql; | ||
48 | ShellState *p = (ShellState *)pArg; | ||
49 | |||
50 | UNUSED_PARAMETER(azNotUsed); | ||
51 | - if( nArg!=3 ) return 1; | ||
52 | + if( nArg!=3 || azArg==0 ) return 0; | ||
53 | zTable = azArg[0]; | ||
54 | zType = azArg[1]; | ||
55 | zSql = azArg[2]; | ||
56 | |||
57 | if( strcmp(zTable, "sqlite_sequence")==0 ){ | ||
diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb index 417c36202d..e50825833e 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb | |||
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0 | |||
5 | 5 | ||
6 | SRC_URI = "\ | 6 | SRC_URI = "\ |
7 | http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \ | 7 | http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \ |
8 | file://sqlite3-fix-CVE-2017-13685.patch \ | ||
8 | " | 9 | " |
9 | SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d" | 10 | SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d" |
10 | SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0" | 11 | SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0" |