mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
sqlite3: CVE-2018-8740
* CVE-2018-8740 In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. Affects sqlite3 <= 3.22.0 CVE: CVE-2018-8740 Ref: https://access.redhat.com/security/cve/cve-2018-8740 (From OE-Core rev: 0469c075d904026ec37214fb39397bb1cb07ab43) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Sinan Kaya
committed by
Richard Purdie
Richard Purdie
parent
b77082e38f
commit
a36165011e
47
meta/recipes-support/sqlite/files/CVE-2018-8740.patch
Normal file
47
meta/recipes-support/sqlite/files/CVE-2018-8740.patch
Normal file
@@ -0,0 +1,47 @@
|
||||
From 19aed4d2be46c4516caf2bee31f79044bbd1d57d Mon Sep 17 00:00:00 2001
|
||||
From: Sinan Kaya <okaya@kernel.org>
|
||||
Date: Fri, 21 Sep 2018 16:22:01 +0000
|
||||
Subject: [PATCH] Detect databases whose schema is corrupted using a CREATE TABLE AS statement and issue an appropriate error message
|
||||
|
||||
Upstream-Status: Backport [ https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b&diff=1&w]
|
||||
Signed-off-by: Sinan Kaya <okaya@kernel.org>
|
||||
---
|
||||
sqlite3.c | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/sqlite3.c b/sqlite3.c
|
||||
index 73c69ef..6863bc6 100644
|
||||
--- a/sqlite3.c
|
||||
+++ b/sqlite3.c
|
||||
@@ -103474,8 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable(
|
||||
p = pParse->pNewTable;
|
||||
if( p==0 ) return;
|
||||
|
||||
- assert( !db->init.busy || !pSelect );
|
||||
-
|
||||
/* If the db->init.busy is 1 it means we are reading the SQL off the
|
||||
** "sqlite_master" or "sqlite_temp_master" table on the disk.
|
||||
** So do not write to the disk again. Extract the root page number
|
||||
@@ -103486,6 +103484,10 @@ SQLITE_PRIVATE void sqlite3EndTable(
|
||||
** table itself. So mark it read-only.
|
||||
*/
|
||||
if( db->init.busy ){
|
||||
+ if( pSelect ){
|
||||
+ sqlite3ErrorMsg(pParse, "");
|
||||
+ return;
|
||||
+ }
|
||||
p->tnum = db->init.newTnum;
|
||||
if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
|
||||
}
|
||||
@@ -117813,7 +117815,7 @@ static void corruptSchema(
|
||||
char *z;
|
||||
if( zObj==0 ) zObj = "?";
|
||||
z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
|
||||
- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
|
||||
+ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
|
||||
sqlite3DbFree(db, *pData->pzErrMsg);
|
||||
*pData->pzErrMsg = z;
|
||||
}
|
||||
--
|
||||
2.19.0
|
||||
|
||||
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
|
||||
|
||||
SRC_URI = "\
|
||||
http://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \
|
||||
file://CVE-2018-8740.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "96b5648d542e8afa6ab7ffb8db8ddc3d"
|
||||
SRC_URI[sha256sum] = "2824ab1238b706bc66127320afbdffb096361130e23291f26928a027b885c612"
|
||||
|
||||
Reference in New Issue
Block a user