mirror of
https://git.yoctoproject.org/poky
synced 2026-07-16 15:57:04 +00:00
sqlite3: fix CVE-2019-9936 and CVE-2019-9937
(From OE-Core rev: 4ec161ea684b305b303f32e96ce23f472c82e1a1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
committed by
Richard Purdie
parent
bf9ad70bda
commit
f7db0478d2
@@ -0,0 +1,28 @@
|
||||
Running fts5 prefix queries inside a transaction could trigger a heap-based
|
||||
buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an
|
||||
information leak.
|
||||
|
||||
CVE: CVE-2019-9936
|
||||
Upstream-Status: Backport [https://sqlite.org/src/vpatch?from=45c73deb440496e8&to=b3fa58dd7403dbd4]
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
---
|
||||
sqlite3.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sqlite3.c b/sqlite3.c
|
||||
index 4729f45..65527d8 100644
|
||||
--- a/sqlite3.c
|
||||
+++ b/sqlite3.c
|
||||
@@ -207759,7 +207759,9 @@ static int fts5HashEntrySort(
|
||||
for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
|
||||
Fts5HashEntry *pIter;
|
||||
for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
|
||||
- if( pTerm==0 || 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm) ){
|
||||
+ if( pTerm==0
|
||||
+ || (pIter->nKey+1>=nTerm && 0==memcmp(fts5EntryKey(pIter), pTerm, nTerm))
|
||||
+ ){
|
||||
Fts5HashEntry *pEntry = pIter;
|
||||
pEntry->pScanNext = 0;
|
||||
for(i=0; ap[i]; i++){
|
||||
--
|
||||
2.20.1
|
||||
Reference in New Issue
Block a user