blob: cba8ec9d3017f36ab81a727fddda3939f3370346 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
CVE: CVE-2019-19959
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>
From f83f7e8141ee7cbbf7f2dc8985279a7372b259b6 Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Mon, 23 Dec 2019 21:04:33 +0000
Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that
it is able to deal with goofy filenames that contain embedded zeros.
FossilOrigin-Name: cc0fb00a128fd0773db5ff7891f7aa577a3671d570166d2cbb30df922344adcf
---
shell.c | 4 ++--
sqlite3.c | 4 ++--
sqlite3.h | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/shell.c b/shell.c
index 404a8d4..48065e9 100644
--- a/shell.c
+++ b/shell.c
@@ -5841,7 +5841,7 @@ static int zipfileUpdate(
zFree = sqlite3_mprintf("%s/", zPath);
if( zFree==0 ){ rc = SQLITE_NOMEM; }
zPath = (const char*)zFree;
- nPath++;
+ nPath = (int)strlen(zPath);
}
}
@@ -6242,11 +6242,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){
}else{
if( zName[nName-1]!='/' ){
zName = zFree = sqlite3_mprintf("%s/", zName);
- nName++;
if( zName==0 ){
rc = SQLITE_NOMEM;
goto zipfile_step_out;
}
+ nName = (int)strlen(zName);
}else{
while( nName>1 && zName[nName-2]=='/' ) nName--;
}
--
2.24.1
|
