From: Shubham Agrawal <shu...@microsoft.com> CVE:CVE-2019-16168 Status: Backport
whitelist as changes already there due to previous patches in upstream CVE:CVE-2018-20346 Status: Backported Sign off: Shubham agrawaslshu...@microsoft.com
---
 .../sqlite/files/CVE-2019-16168.patch | 37 ++++++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.23.1.bb | 1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2019-16168.patch
diff --git a/meta/recipes-support/sqlite/files/CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/CVE-2019-16168.patch
new file mode 100644
index 0000000..d8e93c0
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2019-16168.patch
@@ -0,0 +1,37 @@
+From fc8bb8d6ae2d4cd024546e9e7bbab115427c3f41 Mon Sep 17 00:00:00 2001
+From: Shubham Agrawal <shu...@microsoft.com>
+Date: Fri, 11 Oct 2019 20:20:18 +0000
+Subject: [PATCH] sqlite3 CVE: CVE-2019-16168 Status: backported Sign off:
+ Shubham Agrawal<shu...@microsoft.com>
+Reply-To: shu...@microsoft.com
+
+---
+ sqlite3.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 0f71a44..c480e53 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -101836,7 +101836,9 @@ static void decodeIntArray(
+ if( sqlite3_strglob("unordered*", z)==0 ){
+ pIndex->bUnordered = 1;
+ }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
++ int sz = sqlite3Atoi(z+3);
++ if( sz<2 ) sz = 2;
++ pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(sz));
+ }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+ pIndex->noSkipScan = 1;
+ }
+@@ -137151,6 +137153,7 @@ static int whereLoopAddBtreeIndex(
+ ** it to pNew->rRun, which is currently set to the cost of the index
+ ** seek only. Then, if this is a non-covering index, add the cost of
+ ** visiting the rows in the main table. */
++ assert( pSrc->pTab->szTabRow>0 );
+ rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+ pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+ if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+--
+2.7.4
+
diff --git a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
index 7df61cd..e2e9b50 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
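Review bot: In the decodeIntArray hunk of the embedded sqlite3.c patch, the added line `pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(sz));` passes the already-parsed `int sz` back into sqlite3Atoi, which the removed line called with the string `z+3`; the clamped integer would be treated as a string pointer, so the backport either fails to build or reads from an invalid address instead of applying the `sz<2` clamp. The line should read `pIndex->szIdxRow = sqlite3LogEst(sz);`. The `assert( pSrc->pTab->szTabRow>0 )` added in whereLoopAddBtreeIndex documents the invariant for the division below it, but if asserts are compiled out of release builds (not visible here) the clamp is the only runtime guard, so it has to be right. Both functions begin and end outside the hunks shown. The embedded patch header would also be easier for CVE tooling to parse with separate `CVE:`, `Upstream-Status: Backport` and `Signed-off-by:` lines instead of the run-on Subject.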
@@ -8,6 +8,7 @@ SRC_URI = "\
 file://CVE-2018-20505.patch \
 file://CVE-2018-20506.patch \
 file://CVE-2019-8457.patch \
+ file://CVE-2019-16168.patch \
 "
 SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa"
 SRC_URI[sha256sum] = "92842b283e5e744eff5da29ed3c69391de7368fccc4d0ee6bf62490ce555ef25"
--
2.7.4
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core