diff options
Diffstat (limited to 'meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch')
-rw-r--r-- | meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch new file mode 100644 index 0000000000..1b907b9d4d --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | Running fts5 prefix queries inside a transaction could trigger a heap-based | ||
2 | buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an | ||
3 | information leak. | ||
4 | |||
5 | CVE: CVE-2019-9936 | ||
6 | Upstream-Status: Backport [https://sqlite.org/src/vpatch?from=45c73deb440496e8&to=b3fa58dd7403dbd4] | ||
7 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
8 | --- | ||
9 | sqlite3.c | 4 +++- | ||
10 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
11 | |||
12 | diff --git a/sqlite3.c b/sqlite3.c | ||
13 | index 4729f45..65527d8 100644 | ||
14 | --- a/sqlite3.c | ||
15 | +++ b/sqlite3.c | ||
16 | @@ -207759,7 +207759,9 @@ static int fts5HashEntrySort( | ||
17 | for(iSlot=0; iSlot<pHash->nSlot; iSlot++){ | ||
18 | Fts5HashEntry *pIter; | ||
19 | for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){ | ||
20 | - if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){ | ||
21 | + if( pTerm==0 | ||
22 | + || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm)) | ||
23 | + ){ | ||
24 | Fts5HashEntry *pEntry = pIter; | ||
25 | pEntry->pScanNext = 0; | ||
26 | for(i=0; ap[i]; i++){ | ||
27 | -- | ||
28 | 2.20.1 | ||