diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2017-10-16 02:31:32 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-10-16 23:52:04 +0100 |
commit | 9b9f566d2042f2b393de88506d2da964bc4d17b0 (patch) | |
tree | f1147e44abcd7a6963ab3538f9d4fce47546ceb3 /meta/recipes-support | |
parent | 50e7619aebae5351e9a41fe1b909a31b9e383f0a (diff) | |
download | openembedded-core-9b9f566d2042f2b393de88506d2da964bc4d17b0.tar.gz |
sqlite3: fix CVE-2017-13685
The dump_callback function in SQLite 3.20.0 allows remote attackers to
cause a denial of service (EXC_BAD_ACCESS and application crash) via a
crafted file.
Backport patch to fix the issue. Some references:
https://sqlite.org/src/info/02f0f4c54f2819b3
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r-- | meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch | 57 | ||||
-rw-r--r-- | meta/recipes-support/sqlite/sqlite3_3.20.0.bb | 1 |
2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch new file mode 100644 index 0000000000..aac428c821 --- /dev/null +++ b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch @@ -0,0 +1,57 @@ +Fix CVE-2017-13685 + +The dump_callback function in SQLite 3.20.0 allows remote attackers to +cause a denial of service (EXC_BAD_ACCESS and application crash) via a +crafted file. + +References: +https://sqlite.org/src/info/02f0f4c54f2819b3 +http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html + +Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149] + +CVE: CVE-2017-13685 + +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> + +Index: src/shell.c +================================================================== +--- src/shell.c ++++ src/shell.c +@@ -2657,10 +2657,11 @@ + int *aiType /* Column types */ + ){ + int i; + ShellState *p = (ShellState*)pArg; + ++ if( azArg==0 ) return 0; + switch( p->cMode ){ + case MODE_Line: { + int w = 5; + if( azArg==0 ) break; + for(i=0; i<nArg; i++){ +@@ -3007,10 +3008,11 @@ + */ + static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){ + ShellText *p = (ShellText*)pArg; + int i; + UNUSED_PARAMETER(az); ++ if( azArg==0 ) return 0; + if( p->n ) appendText(p, "|", 0); + for(i=0; i<nArg; i++){ + if( i ) appendText(p, ",", 0); + if( azArg[i] ) appendText(p, azArg[i], 0); + } +@@ -3888,11 +3890,11 @@ + const char *zType; + const char *zSql; + ShellState *p = (ShellState *)pArg; + + UNUSED_PARAMETER(azNotUsed); +- if( nArg!=3 ) return 1; ++ if( nArg!=3 || azArg==0 ) return 0; + zTable = azArg[0]; + zType = azArg[1]; + zSql = azArg[2]; + + if( strcmp(zTable, "sqlite_sequence")==0 ){ diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb index 417c36202d..e50825833e 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb @@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0 SRC_URI = "\ http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \ + file://sqlite3-fix-CVE-2017-13685.patch \ " SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d" SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0" |