On 10/1/19 11:12 AM, shuag...@gmail.com wrote:
> From: Shubham Agrawal <shu...@microsoft.com>
I cleaned up the patch to conform to the patch guide. see https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/thud-nmut&id=c0c66d213b4b6deb0a5e9a688810d2e9674d3ecf as an example of what was meant. - armin
>
> ---
> .../sqlite/files/CVE-2019-8457.patch | 124
> +++++++++++++++++++++
> meta/recipes-support/sqlite/sqlite3_3.23.1.bb | 1 +
> 2 files changed, 125 insertions(+)
> create mode 100644 meta/recipes-support/sqlite/files/CVE-2019-8457.patch
>
> diff --git a/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
> b/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
> new file mode 100644
> index 0000000..a103dd8
> --- /dev/null
> +++ b/meta/recipes-support/sqlite/files/CVE-2019-8457.patch
> @@ -0,0 +1,124 @@
> +From fbf2392644f0ae4282fa4583c9bb67260995d983 Mon Sep 17 00:00:00 2001
> +From: Shubham Agrawal <shu...@microsoft.com>
> +Date: Mon, 23 Sep 2019 20:58:47 +0000
> +Subject: [PATCH] CVE: CVE-2019-8457 Upstream-Status: Backport
> +
> +Sign off: Shubham Agrawal <shu...@microsoft.com>
> +---
> + sqlite3.c | 50 +++++++++++++++++++++++++++++++-------------------
> + 1 file changed, 31 insertions(+), 19 deletions(-)
> +
> +diff --git a/sqlite3.c b/sqlite3.c
> +index 00513d4..5c8c7f4 100644
> +--- a/sqlite3.c
> ++++ b/sqlite3.c
> +@@ -172325,6 +172325,33 @@
> + }
> +
> +
> ++/* Allocate and initialize a new dynamic string object */
> ++StrAccum *sqlite3_str_new(sqlite3 *db){
> ++ StrAccum *p = sqlite3DbMallocRaw(db, sizeof(*p));
> ++ if( p ){
> ++ sqlite3StrAccumInit(p, db, 0, 0, SQLITE_MAX_LENGTH);
> ++ }
> ++ return p;
> ++}
> ++
> ++/* Finalize a string created using sqlite3_str_new().
> ++*/
> ++
> ++char *sqlite3_str_finish(StrAccum *p){
> ++ char *z;
> ++ if( p ){
> ++ z = sqlite3StrAccumFinish(p);
> ++ sqlite3DbFree(p->db, p);
> ++ }else{
> ++ z = 0;
> ++ }
> ++ return z;
> ++}
> ++/* Return any error code associated with p */
> ++int sqlite3_str_errcode(StrAccum *p){
> ++ return p ? p->accError : SQLITE_NOMEM;
> ++}
> ++
> + /*
> + ** Implementation of a scalar function that decodes r-tree nodes to
> + ** human readable strings. This can be used for debugging and analysis.
> +@@ -172342,49 +172369,53 @@
> + ** <num-dimension>*2 coordinates.
> + */
> + static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value
> **apArg){
> +- char *zText = 0;
> ++
> + RtreeNode node;
> + Rtree tree;
> + int ii;
> ++ int nData;
> ++ int errCode;
> ++ StrAccum *pOut;
> +
> + UNUSED_PARAMETER(nArg);
> + memset(&node, 0, sizeof(RtreeNode));
> + memset(&tree, 0, sizeof(Rtree));
> + tree.nDim = (u8)sqlite3_value_int(apArg[0]);
> ++ if( tree.nDim<1 || tree.nDim>5 ) return;
> + tree.nDim2 = tree.nDim*2;
> + tree.nBytesPerCell = 8 + 8 * tree.nDim;
> + node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
> ++ nData = sqlite3_value_bytes(apArg[1]);
> ++ if( nData<4 ) return;
> ++ if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
> +
> ++ pOut = sqlite3_str_new(0);
> + for(ii=0; ii<NCELL(&node); ii++){
> +- char zCell[512];
> +- int nCell = 0;
> ++
> ++
> + RtreeCell cell;
> + int jj;
> +
> + nodeGetCell(&tree, &node, ii, &cell);
> +- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
> +- nCell = (int)strlen(zCell);
> ++ if( ii>0 ) sqlite3StrAccumAppend(pOut, " ", 1);
> ++ sqlite3XPrintf(pOut, "{%lld", cell.iRowid);
> ++
> + for(jj=0; jj<tree.nDim2; jj++){
> + #ifndef SQLITE_RTREE_INT_ONLY
> +- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
> +- (double)cell.aCoord[jj].f);
> ++
> ++ sqlite3XPrintf(pOut, " %g", (double)cell.aCoord[jj].f);
> + #else
> +- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
> +- cell.aCoord[jj].i);
> ++
> ++ sqlite3XPrintf(pOut, " %d", cell.aCoord[jj].i);
> + #endif
> +- nCell = (int)strlen(zCell);
> +- }
> +
> +- if( zText ){
> +- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
> +- sqlite3_free(zText);
> +- zText = zTextNew;
> +- }else{
> +- zText = sqlite3_mprintf("{%s}", zCell);
> + }
> ++ sqlite3StrAccumAppend(pOut, "}", 1);
> + }
> +-
> +- sqlite3_result_text(ctx, zText, -1, sqlite3_free);
> ++
> ++ errCode = sqlite3_str_errcode(pOut);
> ++ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
> ++ sqlite3_result_error_code(ctx, errCode);
> + }
> +
> + /* This routine implements an SQL function that returns the "depth"
> parameter
> +--
> +2.7.4
> +
> diff --git a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> index d214ea1..7df61cd 100644
> --- a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> +++ b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> @@ -7,6 +7,7 @@ SRC_URI = "\
> http://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \
> file://CVE-2018-20505.patch \
> file://CVE-2018-20506.patch \
> + file://CVE-2019-8457.patch \
> "
> SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa"
> SRC_URI[sha256sum] =
> "92842b283e5e744eff5da29ed3c69391de7368fccc4d0ee6bf62490ce555ef25" -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
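Review bot: In the backported `rtreenode()`, `pOut = sqlite3_str_new(0);` is used without a NULL check, although the `sqlite3_str_new()` added by this same patch returns the `sqlite3DbMallocRaw()` result unchanged and can therefore return NULL on allocation failure. `sqlite3_str_errcode()` and `sqlite3_str_finish()` both tolerate a NULL argument, but the loop's `sqlite3StrAccumAppend(pOut, ...)` and `sqlite3XPrintf(pOut, ...)` calls run first and presumably dereference it, so an out-of-memory condition would become a crash instead of an SQLITE_NOMEM result. A guard before the loop would close that gap: `if( pOut==0 ){ sqlite3_result_error_nomem(ctx); return; }`. Separately, the three new helpers are defined without `static`, so they become external symbols of the library; if nothing outside this file needs them, marking them `static` keeps the backport from widening the exported interface.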