mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-28 20:39:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e32d854e33bc86c2a616df8708e021a098afcf73
poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch
Armin Kuster 2a6fa8877d sqlite3: Security fix for CVE-2020-15358 
Source: sqlite.org
MR: 104526
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/vinfo/10fa79d00f8091e5?diff=1
ChangeID: a1c012b8c8aecd4970f3ae16686bf25f2376f542
Description:

Affects sqlite < 3.32.3

Fixes CVE CVE-2020-15358

(From OE-Core rev: 8eb5fad746b716cba350c6cd6a30766534a90a28)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-07-07 23:15:10 +01:00

48 lines
2.1 KiB
Diff
Raw Blame History

Fix a defect in the query-flattener optimization identified by ticket [8f157e8010b22af0].
Upstream-Status: Backport
https://www.sqlite.org/src/info/10fa79d00f8091e5
CVE: CVE-2020-15358
Signed-off-by: Armin Kuster <akuster@mvista.com>
Index: sqlite-autoconf-3310100/sqlite3.c
===================================================================
--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
@@ -18349,6 +18349,7 @@ struct Select {
#define SF_WhereBegin 0x0080000 /* Really a WhereBegin() call. Debug Only */
#define SF_WinRewrite 0x0100000 /* Window function rewrite accomplished */
#define SF_View 0x0200000 /* SELECT statement is a view */
+#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */
/*
** The results of a SELECT can be distributed in several ways, as defined
@@ -130607,9 +130608,7 @@ static int multiSelect(
selectOpName(p->op)));
rc = sqlite3Select(pParse, p, &uniondest);
testcase( rc!=SQLITE_OK );
- /* Query flattening in sqlite3Select() might refill p->pOrderBy.
- ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
- sqlite3ExprListDelete(db, p->pOrderBy);
+ assert( p->pOrderBy==0 );
pDelete = p->pPrior;
p->pPrior = pPrior;
p->pOrderBy = 0;
@@ -131958,7 +131957,7 @@ static int flattenSubquery(
** We look at every expression in the outer query and every place we see
** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
*/
- if( pSub->pOrderBy ){
+ if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
/* At this point, any non-zero iOrderByCol values indicate that the
** ORDER BY column expression is identical to the iOrderByCol'th
** expression returned by SELECT statement pSub. Since these values
@@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select(
sqlite3ExprListDelete(db, p->pOrderBy);
p->pOrderBy = 0;
p->selFlags &= ~SF_Distinct;
+ p->selFlags |= SF_NoopOrderBy;
}
sqlite3SelectPrep(pParse, p, 0);
if( pParse->nErr || db->mallocFailed ){
Reference in New Issue View Git Blame Copy Permalink