diff options
Diffstat (limited to 'meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch')
-rw-r--r-- | meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch deleted file mode 100644 index 1b907b9d4d..0000000000 --- a/meta/recipes-support/sqlite/sqlite3/CVE-2019-9936.patch +++ /dev/null @@ -1,28 +0,0 @@ -Running fts5 prefix queries inside a transaction could trigger a heap-based -buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an -information leak. - -CVE: CVE-2019-9936 -Upstream-Status: Backport [https://sqlite.org/src/vpatch?from=45c73deb440496e8&to=b3fa58dd7403dbd4] -Signed-off-by: Ross Burton <ross.burton@intel.com> ---- - sqlite3.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/sqlite3.c b/sqlite3.c -index 4729f45..65527d8 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -207759,7 +207759,9 @@ static int fts5HashEntrySort( - for(iSlot=0; iSlot<pHash->nSlot; iSlot++){ - Fts5HashEntry *pIter; - for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){ -- if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){ -+ if( pTerm==0 -+ || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm)) -+ ){ - Fts5HashEntry *pEntry = pIter; - pEntry->pScanNext = 0; - for(i=0; ap[i]; i++){ --- -2.20.1 |