blob: d1dae389b02272ff5b794b42a1ce537fe8215029 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
From: dan <dan@noemail.net>
Date: Mon, 26 Oct 2020 13:24:36 +0000
Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested
FROM clause. Ticket [f50af3e8a565776b].
Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
CVE: CVE-2020-35527
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
---
Index: sqlite-autoconf-3310100/sqlite3.c
===================================================================
--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
@@ -133110,7 +133110,7 @@ static int selectExpander(Walker *pWalke
pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
sqlite3TokenInit(&sColname, zColname);
sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
+ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){
struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
sqlite3DbFree(db, pX->zEName);
if( pSub ){
|
