CVE-2017-15286: Make sure the tableColumnList() routine of the command-line shell does not cause a null-pointer dereference in an error condition.
Affects sqlite3 < 3.21 Signed-off-by: Jagadeesh Krishnanjanappa <[email protected]> --- .../sqlite/files/CVE-2017-15286.patch | 34 ++++++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.20.0.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-support/sqlite/files/CVE-2017-15286.patch diff --git a/meta/recipes-support/sqlite/files/CVE-2017-15286.patch b/meta/recipes-support/sqlite/files/CVE-2017-15286.patch new file mode 100644 index 0000000..954f8d5 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2017-15286.patch @@ -0,0 +1,34 @@ +SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c +because it fails to consider certain cases where +`sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure +is never initialized. + +This CVE patch applies neatly on sqlite v3.20.0, hence applying +for sqlite v3.20.0. + +Also, removed hunk of "src/shell.c.in" present in upstream +commit https://www.sqlite.org/src/info/5d0ceb8dcdef92cd; as v3.20.0 +does not have src/shell.c.in file. + +CVE: CVE-2017-15286 +Upstream-Status: Backport from v3.21 + +Signed-off-by: drh <name@hidden-address> +Signed-off-by: Jagadeesh Krishnanjanappa <[email protected]> + +Index: src/shell.c +================================================================== +--- src/shell.c ++++ src/shell.c +@@ -3799,10 +3799,11 @@ + isIPK = 0; + } + } + } + sqlite3_finalize(pStmt); ++ if( azCol==0 ) return 0; + azCol[0] = 0; + azCol[nCol+1] = 0; + + /* The decision of whether or not a rowid really needs to be preserved + ** is tricky. We never need to preserve a rowid for a WITHOUT ROWID table diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb index e508258..1b82289 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0 SRC_URI = "\ http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://sqlite3-fix-CVE-2017-13685.patch \ + file://CVE-2017-15286.patch \ " SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d" SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0" -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
