mirror of
https://git.yoctoproject.org/poky
synced 2026-07-17 04:07:06 +00:00
sqlite: fix CVE-2022-46908 safe mode authorizer callback allows disallowed UDFs.
(From OE-Core rev: 18641988caa131436f75dd3c279ce5af3380481a) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
committed by
Richard Purdie
parent
2f4691f403
commit
bbe38cd637
@@ -0,0 +1,39 @@
|
||||
From 1b779afa3ed2f35a110e460fc6ed13cba744db85 2022-12-05 02:52:37 UTC
|
||||
From: larrybr <larrybr@sqlite.org>
|
||||
Date: 2022-12-05 02:52:37 UTC
|
||||
Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
|
||||
|
||||
Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f.
|
||||
|
||||
Upstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2]
|
||||
CVE-2022-46908
|
||||
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
|
||||
---
|
||||
shell.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/shell.c b/shell.c
|
||||
index d104768..0200c0a 100644
|
||||
--- a/shell.c
|
||||
+++ b/shell.c
|
||||
@@ -12894,7 +12894,7 @@ static int safeModeAuth(
|
||||
"zipfile",
|
||||
"zipfile_cds",
|
||||
};
|
||||
- UNUSED_PARAMETER(zA2);
|
||||
+ UNUSED_PARAMETER(zA1);
|
||||
UNUSED_PARAMETER(zA3);
|
||||
UNUSED_PARAMETER(zA4);
|
||||
switch( op ){
|
||||
@@ -12905,7 +12905,7 @@ static int safeModeAuth(
|
||||
case SQLITE_FUNCTION: {
|
||||
int i;
|
||||
for(i=0; i<ArraySize(azProhibitedFunctions); i++){
|
||||
- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
|
||||
+ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
|
||||
failIfSafeMode(p, "cannot use the %s() function in safe mode",
|
||||
azProhibitedFunctions[i]);
|
||||
}
|
||||
--
|
||||
2.30.2
|
||||
|
||||
Reference in New Issue
Block a user