mirror of
https://git.yoctoproject.org/poky
synced 2026-03-05 23:09:39 +01:00
8dd90ff82e
Fix the following CVEs: - CVE-2019-19244 - CVE-2019-19880 - CVE-2019-19923 - CVE-2019-19924 - CVE-2019-19925 - CVE-2019-19926 - CVE-2019-19959 - CVE-2019-20218 (From OE-Core rev: f3ebf3f8dd0b4d144db451a8fcb352762f7fbd75) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
47 lines
1.3 KiB
Diff
47 lines
1.3 KiB
Diff
CVE: CVE-2019-19959
|
|
Upstream-Status: Backport
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
|
|
From f83f7e8141ee7cbbf7f2dc8985279a7372b259b6 Mon Sep 17 00:00:00 2001
|
|
From: "D. Richard Hipp" <drh@hwaci.com>
|
|
Date: Mon, 23 Dec 2019 21:04:33 +0000
|
|
Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that
|
|
it is able to deal with goofy filenames that contain embedded zeros.
|
|
|
|
FossilOrigin-Name: cc0fb00a128fd0773db5ff7891f7aa577a3671d570166d2cbb30df922344adcf
|
|
---
|
|
shell.c | 4 ++--
|
|
sqlite3.c | 4 ++--
|
|
sqlite3.h | 2 +-
|
|
3 files changed, 5 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/shell.c b/shell.c
|
|
index 404a8d4..48065e9 100644
|
|
--- a/shell.c
|
|
+++ b/shell.c
|
|
@@ -5841,7 +5841,7 @@ static int zipfileUpdate(
|
|
zFree = sqlite3_mprintf("%s/", zPath);
|
|
if( zFree==0 ){ rc = SQLITE_NOMEM; }
|
|
zPath = (const char*)zFree;
|
|
- nPath++;
|
|
+ nPath = (int)strlen(zPath);
|
|
}
|
|
}
|
|
|
|
@@ -6242,11 +6242,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){
|
|
}else{
|
|
if( zName[nName-1]!='/' ){
|
|
zName = zFree = sqlite3_mprintf("%s/", zName);
|
|
- nName++;
|
|
if( zName==0 ){
|
|
rc = SQLITE_NOMEM;
|
|
goto zipfile_step_out;
|
|
}
|
|
+ nName = (int)strlen(zName);
|
|
}else{
|
|
while( nName>1 && zName[nName-2]=='/' ) nName--;
|
|
}
|
|
--
|
|
2.24.1
|
|
|