mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

sqlite: fix CVE-2022-46908 safe mode authorizer callback allows disallowed UDFs.

Browse Source 
(From OE-Core rev: 18641988caa131436f75dd3c279ce5af3380481a)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Vivek Kumbhar
2022-12-20 11:45:12 +05:30
committed by Richard Purdie
parent 2f4691f403
commit bbe38cd637
2 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
meta/recipes-support/sqlite/files/CVE-2022-46908.patch Normal file
View File

@@ -0,0 +1,39 @@
From 1b779afa3ed2f35a110e460fc6ed13cba744db85 2022-12-05 02:52:37 UTC
From: larrybr <larrybr@sqlite.org>
Date: 2022-12-05 02:52:37 UTC
Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f.
Upstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2]
CVE-2022-46908
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
---
shell.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shell.c b/shell.c
index d104768..0200c0a 100644
--- a/shell.c
+++ b/shell.c
@@ -12894,7 +12894,7 @@ static int safeModeAuth(
"zipfile",
"zipfile_cds",
};
- UNUSED_PARAMETER(zA2);
+ UNUSED_PARAMETER(zA1);
UNUSED_PARAMETER(zA3);
UNUSED_PARAMETER(zA4);
switch( op ){
@@ -12905,7 +12905,7 @@ static int safeModeAuth(
case SQLITE_FUNCTION: {
int i;
for(i=0; i<ArraySize(azProhibitedFunctions); i++){
- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
+ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
failIfSafeMode(p, "cannot use the %s() function in safe mode",
azProhibitedFunctions[i]);
}
--
2.30.2

1
meta/recipes-support/sqlite/sqlite3_3.38.5.bb
View File

@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch \
file://CVE-2022-46908.patch \
"
SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"