sqlite: fix CVE-2022-46908 safe mode authorizer callback allows disallowed UDFs.

(From OE-Core rev: 18641988caa131436f75dd3c279ce5af3380481a) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Vivek Kumbhar <vkumbhar@mvista.com> 2022-12-20 11:45:12 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-01-06 17:33:23 +0000
commit: bbe38cd6376f2ed2fff4e14f3385df62e0ecf1bd (patch)
tree: 9740e1e6b1c2a804649107dd50b77fa2eefc57aa /meta
parent: 2f4691f403c293349738a1c3040b74db21592159 (diff)
download: poky-bbe38cd6376f2ed2fff4e14f3385df62e0ecf1bd.tar.gz
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2022-46908.patch b/meta/recipes-support/sqlite/files/CVE-2022-46908.patch
new file mode 100644
index 0000000000..38bd544838
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2022-46908.patch
@@ -0,0 +1,39 @@
+From 1b779afa3ed2f35a110e460fc6ed13cba744db85 2022-12-05 02:52:37 UTC
+From: larrybr <larrybr@sqlite.org>
+Date: 2022-12-05 02:52:37 UTC
+Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
+Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f.
+Upstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2]
+CVE-2022-46908
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ shell.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/shell.c b/shell.c
+index d104768..0200c0a 100644
+--- a/shell.c
+++ b/shell.c
+@@ -12894,7 +12894,7 @@ static int safeModeAuth(
+     "zipfile",
+     "zipfile_cds",
+   };
+-  UNUSED_PARAMETER(zA2);
+  UNUSED_PARAMETER(zA1);
+   UNUSED_PARAMETER(zA3);
+   UNUSED_PARAMETER(zA4);
+   switch( op ){
+@@ -12905,7 +12905,7 @@ static int safeModeAuth(
+     case SQLITE_FUNCTION: {
+       int i;
+       for(i=0; i<ArraySize(azProhibitedFunctions); i++){
+-        if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
+        if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
+           failIfSafeMode(p, "cannot use the %s() function in safe mode",
+                          azProhibitedFunctions[i]);
+         }
+-- 
+2.30.2
diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
index 628f630657..313c15dff4 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
 SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
           file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch \
+           file://CVE-2022-46908.patch \
 "
 SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
author	Vivek Kumbhar <vkumbhar@mvista.com>	2022-12-20 11:45:12 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-01-06 17:33:23 +0000
commit	bbe38cd6376f2ed2fff4e14f3385df62e0ecf1bd (patch)
tree	9740e1e6b1c2a804649107dd50b77fa2eefc57aa /meta
parent	2f4691f403c293349738a1c3040b74db21592159 (diff)
download	poky-bbe38cd6376f2ed2fff4e14f3385df62e0ecf1bd.tar.gz

diff --git a/meta/recipes-support/sqlite/files/CVE-2022-46908.patch b/meta/recipes-support/sqlite/files/CVE-2022-46908.patch new file mode 100644 index 0000000000..38bd544838 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2022-46908.patch
@@ -0,0 +1,39 @@
		1	From 1b779afa3ed2f35a110e460fc6ed13cba744db85 2022-12-05 02:52:37 UTC
		2	From: larrybr <larrybr@sqlite.org>
		3	Date: 2022-12-05 02:52:37 UTC
		4	Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
		5
		6	Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f.
		7
		8	Upstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2]
		9	CVE-2022-46908
		10	Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
		11	---
		12	shell.c \| 4 ++--
		13	1 file changed, 2 insertions(+), 2 deletions(-)
		14
		15	diff --git a/shell.c b/shell.c
		16	index d104768..0200c0a 100644
		17	--- a/shell.c
		18	+++ b/shell.c
		19	@@ -12894,7 +12894,7 @@ static int safeModeAuth(
		20	"zipfile",
		21	"zipfile_cds",
		22	};
		23	- UNUSED_PARAMETER(zA2);
		24	+ UNUSED_PARAMETER(zA1);
		25	UNUSED_PARAMETER(zA3);
		26	UNUSED_PARAMETER(zA4);
		27	switch( op ){
		28	@@ -12905,7 +12905,7 @@ static int safeModeAuth(
		29	case SQLITE_FUNCTION: {
		30	int i;
		31	for(i=0; i<ArraySize(azProhibitedFunctions); i++){
		32	- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
		33	+ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
		34	failIfSafeMode(p, "cannot use the %s() function in safe mode",
		35	azProhibitedFunctions[i]);
		36	}
		37	--
		38	2.30.2
		39


diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb index 628f630657..313c15dff4 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
5		5
6	SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \	6	SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
7	file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch \	7	file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch \
		8	file://CVE-2022-46908.patch \
8	"	9	"
9	SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"	10	SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
10		11