diff options
Diffstat (limited to 'meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch')
| -rw-r--r-- | meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch new file mode 100644 index 0000000000..ffc2c6afff --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | CVE: CVE-2019-19925 | ||
| 2 | Upstream-Status: Backport | ||
| 3 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
| 4 | |||
| 5 | From e92580434d2cdca228649d32f76167492de4f512 Mon Sep 17 00:00:00 2001 | ||
| 6 | From: "D. Richard Hipp" <drh@hwaci.com> | ||
| 7 | Date: Thu, 19 Dec 2019 15:15:40 +0000 | ||
| 8 | Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the | ||
| 9 | pathname of the file being inserted is a NULL. Bug discovered by the | ||
| 10 | Yongheng and Rui fuzzer. | ||
| 11 | |||
| 12 | FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06 | ||
| 13 | --- | ||
| 14 | shell.c | 1 + | ||
| 15 | sqlite3.c | 4 ++-- | ||
| 16 | sqlite3.h | 2 +- | ||
| 17 | 3 files changed, 4 insertions(+), 3 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/shell.c b/shell.c | ||
| 20 | index 053180c..404a8d4 100644 | ||
| 21 | --- a/shell.c | ||
| 22 | +++ b/shell.c | ||
| 23 | @@ -5827,6 +5827,7 @@ static int zipfileUpdate( | ||
| 24 | |||
| 25 | if( rc==SQLITE_OK ){ | ||
| 26 | zPath = (const char*)sqlite3_value_text(apVal[2]); | ||
| 27 | + if( zPath==0 ) zPath = ""; | ||
| 28 | nPath = (int)strlen(zPath); | ||
| 29 | mTime = zipfileGetTime(apVal[4]); | ||
| 30 | } | ||
| 31 | -- | ||
| 32 | 2.24.1 | ||
| 33 | |||