Fixed CVE-2018-8740

Resolves: #1558809
Petr Kubat 2018-03-21 15:11:04 +01:00
parent 2bdc595044
commit 1f33d78350
2 changed files with 58 additions and 1 deletions


@ -0,0 +1,51 @@
Index: src/build.c
==================================================================
--- src/build.c
+++ src/build.c
@@ -1868,12 +1868,10 @@
}
assert( !db->mallocFailed );
p = pParse->pNewTable;
if( p==0 ) return;
- assert( !db->init.busy || !pSelect );
-
/* If the db->init.busy is 1 it means we are reading the SQL off the
** "sqlite_master" or "sqlite_temp_master" table on the disk.
** So do not write to the disk again. Extract the root page number
** for the table from the db->init.newTnum field. (The page number
** should have been put there by the sqliteOpenCb routine.)
@@ -1880,10 +1878,14 @@
**
** If the root page number is 1, that means this is the sqlite_master
** table itself. So mark it read-only.
*/
if( db->init.busy ){
+ if( pSelect ){
+ sqlite3ErrorMsg(pParse, "");
+ return;
+ }
p->tnum = db->init.newTnum;
if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
}
/* Special processing for WITHOUT ROWID Tables */
Index: src/prepare.c
==================================================================
--- src/prepare.c
+++ src/prepare.c
@@ -27,11 +27,11 @@
sqlite3 *db = pData->db;
if( !db->mallocFailed && (db->flags & SQLITE_WriteSchema)==0 ){
char *z;
if( zObj==0 ) zObj = "?";
z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
+ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
sqlite3DbFree(db, *pData->pzErrMsg);
*pData->pzErrMsg = z;
}
pData->rc = db->mallocFailed ? SQLITE_NOMEM_BKPT : SQLITE_CORRUPT_BKPT;
}
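Review bot: The new `if( pSelect )` branch under `if( db->init.busy )` in src/build.c raises the error with an empty message and carries no comment saying why. The empty string looks deliberate, because the src/prepare.c hunk now appends the ` - %s` suffix only when `zExtra[0]` is non-zero, so the two hunks depend on each other and that coupling should be stated at the call site. I would add above the branch something like `/* A SELECT here while loading the stored schema means the schema row is malformed; message left empty so the "malformed database schema" text is used as-is */`. The removed `assert( !db->init.busy || !pSelect )` gave no protection in builds compiled without assertions, so this runtime check is the only guard; the patch adds no regression test for a schema row of this shape, and one is worth carrying if upstream provides it. Both enclosing functions start and end outside the hunks shown.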


@ -10,7 +10,7 @@
Summary: Library that implements an embeddable SQL database engine
Name: sqlite
Version: %{rpmver}
Release: 1%{?dist}
Release: 2%{?dist}
License: Public Domain
Group: Applications/Databases
URL: http://www.sqlite.org/
@ -34,6 +34,8 @@ Patch6: sqlite-3.8.10.1-tcl-regress-tests.patch
Patch7: sqlite-3.16-datetest-2.2c.patch
# Modify sync2.test to pass with DIRSYNC turned off
Patch8: sqlite-3.18.0-sync2-dirsync.patch
# Upstream: https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema
Patch9: sqlite-3.22.0-corrupt-schema.patch
BuildRequires: ncurses-devel readline-devel glibc-devel
BuildRequires: autoconf
@ -137,6 +139,7 @@ This package contains the analysis program for %{name}.
%patch7 -p1
%endif
%patch8 -p1
%patch9 -p0
autoconf # Rerun with new autoconf to add support for aarm64
@ -240,6 +243,9 @@ make test
%endif
%changelog
* Wed Mar 21 2018 Petr Kubat <pkubat@redhat.com> - 3.20.1-2
- Fixed CVE-2018-8740 (#1558809)
* Mon Aug 28 2017 Petr Kubat <pkubat@redhat.com> - 3.20.1-1
- Updated to version 3.20.1 (https://sqlite.org/releaselog/3_20_1.html)