[OE-core] [ROCKO][PATCH V2 01/34] sqlite3: CVE-2017-15286

Jagadeesh Krishnanjanappa jkrishnanjanappa at mvista.com
Wed Aug 22 13:35:07 UTC 2018


CVE-2017-15286: Make sure the tableColumnList() routine of the command-line
shell does not cause a null-pointer dereference in an error condition.

Affects sqlite3 < 3.21

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
---
 .../sqlite/files/CVE-2017-15286.patch              | 34 ++++++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.20.0.bb      |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2017-15286.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2017-15286.patch b/meta/recipes-support/sqlite/files/CVE-2017-15286.patch
new file mode 100644
index 0000000..954f8d5
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2017-15286.patch
@@ -0,0 +1,34 @@
+SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c 
+because it fails to consider certain cases where 
+`sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure 
+is never initialized.
+
+This CVE patch applies neatly on sqlite v3.20.0, hence applying
+for sqlite v3.20.0.
+
+Also, removed hunk of "src/shell.c.in" present in upstream 
+commit https://www.sqlite.org/src/info/5d0ceb8dcdef92cd; as v3.20.0
+does not have src/shell.c.in file.
+
+CVE: CVE-2017-15286
+Upstream-Status: Backport from v3.21
+
+Signed-off-by: drh <name at hidden-address>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
+
+Index: src/shell.c
+==================================================================
+--- src/shell.c
++++ src/shell.c
+@@ -3799,10 +3799,11 @@
+         isIPK = 0;
+       }
+     }
+   }
+   sqlite3_finalize(pStmt);
++  if( azCol==0 ) return 0;
+   azCol[0] = 0;
+   azCol[nCol+1] = 0;
+ 
+   /* The decision of whether or not a rowid really needs to be preserved
+   ** is tricky.  We never need to preserve a rowid for a WITHOUT ROWID table
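Review bot: The embedded diff targets src/shell.c (the Index:, --- and +++ lines), while the recipe's SRC_URI fetches the sqlite-autoconf tarball rather than the upstream source tree. The patch therefore applies only if the strip level removes the src/ component and the @@ -3799,10 +3799,11 @@ offsets, taken from the upstream file, still match. Suggest regenerating the diff against the unpacked tarball so the paths and line numbers are the recipe's own, and stating in the header that it applies without fuzz. Separately, "Upstream-Status: Backport from v3.21" would be easier to audit if it carried the commit link already given in the description, for example Upstream-Status: Backport [https://www.sqlite.org/src/info/5d0ceb8dcdef92cd]. The placement of the new azCol==0 check after sqlite3_finalize(pStmt) looks right, since the early return does not leave the statement unfinalized.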
diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
index e508258..1b82289 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
 SRC_URI = "\
   http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \
   file://sqlite3-fix-CVE-2017-13685.patch \
+  file://CVE-2017-15286.patch \
   "
 SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"
 SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"
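Review bot: The added SRC_URI entry file://CVE-2017-15286.patch does not follow the naming of the existing entry directly above it, file://sqlite3-fix-CVE-2017-13685.patch. Consider using one naming scheme for the CVE patches in this recipe so they sort and grep together.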
-- 
2.7.4



