mirror of
https://git.yoctoproject.org/poky
synced 2026-07-15 15:37:03 +00:00
sqlite: fix numerous CVEs
Fix the following CVEs: - CVE-2019-19244 - CVE-2019-19880 - CVE-2019-19923 - CVE-2019-19924 - CVE-2019-19925 - CVE-2019-19926 - CVE-2019-19959 - CVE-2019-20218 (From OE-Core rev: f3ebf3f8dd0b4d144db451a8fcb352762f7fbd75) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
committed by
Richard Purdie
parent
4b45e7419f
commit
8dd90ff82e
@@ -0,0 +1,33 @@
|
||||
CVE: CVE-2019-19925
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
|
||||
From e92580434d2cdca228649d32f76167492de4f512 Mon Sep 17 00:00:00 2001
|
||||
From: "D. Richard Hipp" <drh@hwaci.com>
|
||||
Date: Thu, 19 Dec 2019 15:15:40 +0000
|
||||
Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the
|
||||
pathname of the file being inserted is a NULL. Bug discovered by the
|
||||
Yongheng and Rui fuzzer.
|
||||
|
||||
FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06
|
||||
---
|
||||
shell.c | 1 +
|
||||
sqlite3.c | 4 ++--
|
||||
sqlite3.h | 2 +-
|
||||
3 files changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/shell.c b/shell.c
|
||||
index 053180c..404a8d4 100644
|
||||
--- a/shell.c
|
||||
+++ b/shell.c
|
||||
@@ -5827,6 +5827,7 @@ static int zipfileUpdate(
|
||||
|
||||
if( rc==SQLITE_OK ){
|
||||
zPath = (const char*)sqlite3_value_text(apVal[2]);
|
||||
+ if( zPath==0 ) zPath = "";
|
||||
nPath = (int)strlen(zPath);
|
||||
mTime = zipfileGetTime(apVal[4]);
|
||||
}
|
||||
--
|
||||
2.24.1
|
||||
|
||||
Reference in New Issue
Block a user