author | Shubham Agrawal <shuagr@microsoft.com> | 2019-10-15 16:26:43 +0000 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-10-25 08:34:58 -0700 |
commit | 38e907a6870f2c5d9432b1ac6ff9d7fe82690781 (patch) | |
tree | debccb523c3feffc1a6ac41baad2b5ec02d8d8ad | |
parent | cd7cf933b3235560ec71576d8f3836dff736a39f (diff) | |
download | openembedded-core-contrib-38e907a6870f2c5d9432b1ac6ff9d7fe82690781.tar.gz |
sqlite3: CVE fix
CVE:CVE-2019-16168
Status: Backport
Whitelist the CVE below, as its changes are already present through previous upstream patches:
CVE:CVE-2018-20346
Status: Backported
Signed-off-by: Shubham Agrawaslshuagr@microsoft.com
[minor clean up to conform to docs]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-support/sqlite/files/CVE-2019-16168.patch | 46 | ||||
-rw-r--r-- | meta/recipes-support/sqlite/sqlite3_3.23.1.bb | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/CVE-2019-16168.patch
new file mode 100644
index 0000000000..4d777e497d
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2019-16168.patch
@@ -0,0 +1,46 @@
+From fc8bb8d6ae2d4cd024546e9e7bbab115427c3f41 Mon Sep 17 00:00:00 2001
+From: Shubham Agrawal <shuagr@microsoft.com>
+Date: Fri, 11 Oct 2019 20:20:18 +0000
+Subject: [PATCH] sqlite3 CVE: CVE-2019-16168
+Reply-To: shuagr@microsoft.com
+
+
+CVE:CVE-2019-16168
+Status: Backport
+
+whitelist as changes already there due to previous patches in upstream
+CVE:CVE-2018-20346
+Status: Backported
+
+Signed-off-by: Shubham Agrawaslshuagr@microsoft.com
+
+---
+ sqlite3.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 0f71a44..c480e53 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -101836,7 +101836,9 @@ static void decodeIntArray(
+ if( sqlite3_strglob("unordered*", z)==0 ){
+ pIndex->bUnordered = 1;
+ }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
++ int sz = sqlite3Atoi(z+3);
++ if( sz<2 ) sz = 2;
++ pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(sz));
+ }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+ pIndex->noSkipScan = 1;
+ }
+@@ -137151,6 +137153,7 @@ static int whereLoopAddBtreeIndex(
+ ** it to pNew->rRun, which is currently set to the cost of the index
+ ** seek only. Then, if this is a non-covering index, add the cost of
+ ** visiting the rows in the main table. */
++ assert( pSrc->pTab->szTabRow>0 );
+ rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+ pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+ if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+--
+2.7.4
+
diff --git a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
index 7df61cd1cc..e2e9b5024a 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
@@ -8,6 +8,7 @@ SRC_URI = "\
 file://CVE-2018-20505.patch \
 file://CVE-2018-20506.patch \
 file://CVE-2019-8457.patch \
+ file://CVE-2019-16168.patch \
 "
 SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa"
 SRC_URI[sha256sum] = "92842b283e5e744eff5da29ed3c69391de7368fccc4d0ee6bf62490ce555ef25" |
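Review bot: In the `decodeIntArray` hunk of the embedded `CVE-2019-16168.patch`, the new line `pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(sz));` passes the already-parsed, clamped integer `sz` back into `sqlite3Atoi`, which two lines earlier is called on the string `z+3`. That call would treat a small integer as a string pointer, so a `sz=` token in the index statistics would most likely fault rather than be clamped; the line should read `pIndex->szIdxRow = sqlite3LogEst(sz);`. The `assert( pSrc->pTab->szTabRow>0 );` added in `whereLoopAddBtreeIndex` only states the invariant and is typically compiled out of release builds, so the clamp is the effective guard for the divide and has to be correct. Both functions continue outside their hunks, and building this recipe with `-Werror=int-conversion` would catch this kind of backport slip at compile time.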