2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch
new file mode 100644
index 0000000000..aac428c821
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch
@@ -0,0 +1,57 @@
+Fix CVE-2017-13685
+The dump_callback function in SQLite 3.20.0 allows remote attackers to
+cause a denial of service (EXC_BAD_ACCESS and application crash) via a
+crafted file.
+References:
+https://sqlite.org/src/info/02f0f4c54f2819b3
+http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
+Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149]
+CVE: CVE-2017-13685
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+Index: src/shell.c
+==================================================================
+--- src/shell.c
+++ src/shell.c
+@@ -2657,10 +2657,11 @@
+   int *aiType      /* Column types */
+ ){
+   int i;
+   ShellState *p = (ShellState*)pArg;
+ 
+  if( azArg==0 ) return 0;
+   switch( p->cMode ){
+     case MODE_Line: {
+       int w = 5;
+       if( azArg==0 ) break;
+       for(i=0; i<nArg; i++){
+@@ -3007,10 +3008,11 @@
+ */
+ static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){
+   ShellText *p = (ShellText*)pArg;
+   int i;
+   UNUSED_PARAMETER(az);
+  if( azArg==0 ) return 0;
+   if( p->n ) appendText(p, "|", 0);
+   for(i=0; i<nArg; i++){
+     if( i ) appendText(p, ",", 0);
+     if( azArg[i] ) appendText(p, azArg[i], 0);
+   }
+@@ -3888,11 +3890,11 @@
+   const char *zType;
+   const char *zSql;
+   ShellState *p = (ShellState *)pArg;
+ 
+   UNUSED_PARAMETER(azNotUsed);
+-  if( nArg!=3 ) return 1;
+  if( nArg!=3 || azArg==0 ) return 0;
+   zTable = azArg[0];
+   zType = azArg[1];
+   zSql = azArg[2];
+ 
+   if( strcmp(zTable, "sqlite_sequence")==0 ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
index 417c36202d..e50825833e 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
 SRC_URI = "\
  http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+  file://sqlite3-fix-CVE-2017-13685.patch \
  "
 SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"
 SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"

diff --git a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch new file mode 100644 index 0000000000..aac428c821 --- /dev/null +++ b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch
@@ -0,0 +1,57 @@
		1	Fix CVE-2017-13685
		2
		3	The dump_callback function in SQLite 3.20.0 allows remote attackers to
		4	cause a denial of service (EXC_BAD_ACCESS and application crash) via a
		5	crafted file.
		6
		7	References:
		8	https://sqlite.org/src/info/02f0f4c54f2819b3
		9	http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
		10
		11	Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149]
		12
		13	CVE: CVE-2017-13685
		14
		15	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
		16
		17	Index: src/shell.c
		18	==================================================================
		19	--- src/shell.c
		20	+++ src/shell.c
		21	@@ -2657,10 +2657,11 @@
		22	int aiType / Column types */
		23	){
		24	int i;
		25	ShellState p = (ShellState)pArg;
		26
		27	+ if( azArg==0 ) return 0;
		28	switch( p->cMode ){
		29	case MODE_Line: {
		30	int w = 5;
		31	if( azArg==0 ) break;
		32	for(i=0; i<nArg; i++){
		33	@@ -3007,10 +3008,11 @@
		34	*/
		35	static int captureOutputCallback(void pArg, int nArg, char azArg, char *az){
		36	ShellText p = (ShellText)pArg;
		37	int i;
		38	UNUSED_PARAMETER(az);
		39	+ if( azArg==0 ) return 0;
		40	if( p->n ) appendText(p, "\|", 0);
		41	for(i=0; i<nArg; i++){
		42	if( i ) appendText(p, ",", 0);
		43	if( azArg[i] ) appendText(p, azArg[i], 0);
		44	}
		45	@@ -3888,11 +3890,11 @@
		46	const char *zType;
		47	const char *zSql;
		48	ShellState p = (ShellState )pArg;
		49
		50	UNUSED_PARAMETER(azNotUsed);
		51	- if( nArg!=3 ) return 1;
		52	+ if( nArg!=3 \|\| azArg==0 ) return 0;
		53	zTable = azArg[0];
		54	zType = azArg[1];
		55	zSql = azArg[2];
		56
		57	if( strcmp(zTable, "sqlite_sequence")==0 ){


diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb index 417c36202d..e50825833e 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
5		5
6	SRC_URI = "\	6	SRC_URI = "\
7	http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \	7	http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \
		8	file://sqlite3-fix-CVE-2017-13685.patch \
8	"	9	"
9	SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"	10	SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"
10	SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"	11	SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"