[OE-core] [thud][PATCH v2] sqlite3: CVE fix
akuster808
akuster808 at gmail.com
Tue Oct 15 16:01:04 UTC 2019
On 10/14/19 1:22 PM, shuagr97 at gmail.com wrote:
> From: Shubham Agrawal <shuagr at microsoft.com>
>
> CVE:CVE-2019-161680
Does not match patch name.
> Status: Backport
>
> whitelist as changes already there due to previous patches in upstream
> CVE:CVE-2018-20346
> Status: Backported
>
> Sign off: Shubham Agrawaslshuagr at microsoft.com
This need to be fixed in Master then Warrior.
> ---
> .../sqlite/files/CVE-2019-16168.patch | 37 ++++++++++++++++++++++
> meta/recipes-support/sqlite/sqlite3_3.23.1.bb | 1 +
> 2 files changed, 38 insertions(+)
> create mode 100644 meta/recipes-support/sqlite/files/CVE-2019-16168.patch
>
> diff --git a/meta/recipes-support/sqlite/files/CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/CVE-2019-16168.patch
> new file mode 100644
> index 0000000..d8e93c0
> --- /dev/null
> +++ b/meta/recipes-support/sqlite/files/CVE-2019-16168.patch
> @@ -0,0 +1,37 @@
> +From fc8bb8d6ae2d4cd024546e9e7bbab115427c3f41 Mon Sep 17 00:00:00 2001
> +From: Shubham Agrawal <shuagr at microsoft.com>
> +Date: Fri, 11 Oct 2019 20:20:18 +0000
> +Subject: [PATCH] sqlite3 CVE: CVE-2019-16168 Status: backported Sign off:
> + Shubham Agrawal<shuagr at microsoft.com>
> +Reply-To: shuagr at microsoft.com
> +
Add this kind of information into the patch itself.
CVE:CVE-2018-20346
Status: Backported
Sign off: Shubham Agrawaslshuagr at microsoft.com
See https://patchwork.openembedded.org/patch/165800/ as an example
> +---
> + sqlite3.c | 5 ++++-
> + 1 file changed, 4 insertions(+), 1 deletion(-)
> +
> +diff --git a/sqlite3.c b/sqlite3.c
> +index 0f71a44..c480e53 100644
> +--- a/sqlite3.c
> ++++ b/sqlite3.c
> +@@ -101836,7 +101836,9 @@ static void decodeIntArray(
> + if( sqlite3_strglob("unordered*", z)==0 ){
> + pIndex->bUnordered = 1;
> + }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
> +- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
> ++ int sz = sqlite3Atoi(z+3);
> ++ if( sz<2 ) sz = 2;
> ++ pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(sz));
> + }else if( sqlite3_strglob("noskipscan*", z)==0 ){
> + pIndex->noSkipScan = 1;
> + }
> +@@ -137151,6 +137153,7 @@ static int whereLoopAddBtreeIndex(
> + ** it to pNew->rRun, which is currently set to the cost of the index
> + ** seek only. Then, if this is a non-covering index, add the cost of
> + ** visiting the rows in the main table. */
> ++ assert( pSrc->pTab->szTabRow>0 );
> + rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
> + pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
> + if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
> +--
> +2.7.4
> +
> diff --git a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> index 7df61cd..e2e9b50 100644
> --- a/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> +++ b/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
> @@ -8,6 +8,7 @@ SRC_URI = "\
> file://CVE-2018-20505.patch \
> file://CVE-2018-20506.patch \
> file://CVE-2019-8457.patch \
> + file://CVE-2019-16168.patch \
> "
> SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa"
> SRC_URI[sha256sum] = "92842b283e5e744eff5da29ed3c69391de7368fccc4d0ee6bf62490ce555ef25"
More information about the Openembedded-core
mailing list