Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass13
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index c0d4e2a972..4fc4e545e4 100644
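--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -290,7 +290,8 @@ def check_cves(d, patched_cves):
 vendor = "%"
 
 # Find all relevant CVE IDs.
-for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
+cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor))
+for cverow in cve_cursor:
 cve = cverow[0]
 
 if cve in cve_whitelist:
@@ -309,7 +310,8 @@ def check_cves(d, patched_cves):
 vulnerable = False
 ignored = False
 
-for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
+product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
+for row in product_cursor:
 (_, _, _, version_start, operator_start, version_end, operator_end) = row
 #bb.debug(2, "Evaluating row " + str(row))
 if cve in cve_whitelist:
@@ -353,10 +355,12 @@ def check_cves(d, patched_cves):
 bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
 cves_unpatched.append(cve)
 break
+product_cursor.close()
 
 if not vulnerable:
 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
 patched_cves.add(cve)
+cve_cursor.close()
 
 if not cves_in_product:
 bb.note("No CVE records found for product %s, pn %s" % (product, pn))
@@ -378,14 +382,15 @@ def get_cve_info(d, cves):
 conn = sqlite3.connect(db_file, uri=True)
 
 for cve in cves:
-for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
+cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))
+for row in cursor:
 cve_data[row[0]] = {}
 cve_data[row[0]]["summary"] = row[1]
 cve_data[row[0]]["scorev2"] = row[2]
 cve_data[row[0]]["scorev3"] = row[3]
 cve_data[row[0]]["modified"] = row[4]
 cve_data[row[0]]["vector"] = row[5]
-
+cursor.close()
 conn.close()
 return cve_data
 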
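Review bot: The three new `close()` calls (`product_cursor.close()`, `cve_cursor.close()` in check_cves and `cursor.close()` in get_cve_info) run only on the normal path, so any exception raised inside the loop bodies, parts of which lie outside these hunks, leaves the cursor open until it is garbage-collected. If the point of closing early is to release the read lock on the shared CVE database, the error path needs it as well: put `try:` before each `for` and move the close into `finally: product_cursor.close()` (likewise for the other two). The page has lost indentation, so it cannot be confirmed here that `product_cursor.close()` sits at the level of `for row in product_cursor:` rather than inside it after the `break`; that is worth checking in the original patch. `conn.close()` in get_cve_info has the same normal-path-only shape and would fit in the same `finally`.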