Diffstat (limited to 'meta/classes/cve-check.bbclass')
-rw-r--r--meta/classes/cve-check.bbclass13
1 files changed, 9 insertions, 4 deletions
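diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 5c8b512c11..4b4ea7893e 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -297,7 +297,8 @@ def check_cves(d, patched_cves):
 vendor = "%"
 
 # Find all relevant CVE IDs.
-for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
+cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor))
+for cverow in cve_cursor:
 cve = cverow[0]
 
 if cve in cve_ignore:
@@ -316,7 +317,8 @@ def check_cves(d, patched_cves):
 vulnerable = False
 ignored = False
 
-for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
+product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
+for row in product_cursor:
 (_, _, _, version_start, operator_start, version_end, operator_end) = row
 #bb.debug(2, "Evaluating row " + str(row))
 if cve in cve_ignore:
@@ -360,10 +362,12 @@ def check_cves(d, patched_cves):
 bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
 cves_unpatched.append(cve)
 break
+product_cursor.close()
 
 if not vulnerable:
 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
 patched_cves.add(cve)
+cve_cursor.close()
 
 if not cves_in_product:
 bb.note("No CVE records found for product %s, pn %s" % (product, pn))
@@ -388,14 +392,15 @@ def get_cve_info(d, cves):
 conn = sqlite3.connect(db_file, uri=True)
 
 for cve in cves:
-for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
+cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))
+for row in cursor:
 cve_data[row[0]] = {}
 cve_data[row[0]]["summary"] = row[1]
 cve_data[row[0]]["scorev2"] = row[2]
 cve_data[row[0]]["scorev3"] = row[3]
 cve_data[row[0]]["modified"] = row[4]
 cve_data[row[0]]["vector"] = row[5]
-
+cursor.close()
 conn.close()
 return cve_data
 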
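Review bot: The three added `close()` calls (`product_cursor.close()` and `cve_cursor.close()` in check_cves, `cursor.close()` in get_cve_info) are reached only when their loops finish normally, so an exception raised while a row is being processed would skip them, and in get_cve_info would skip the `conn.close()` that follows as well. Putting each loop under `try:` with `finally: cursor.close()` (using the matching cursor name) would make the cleanup unconditional. The row-evaluation code between the second and third hunks is not shown, so whether it can raise is inferred rather than confirmed. Indentation is lost in this rendering, so the loop level each `close()` sits at cannot be checked from the page, and both functions begin and end outside the hunks.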