From ae01caf3b103dc8b7df4b87b96353e297860ba2d Mon Sep 17 00:00:00 2001 From: Zuzana Miklankova Date: Thu, 4 Jan 2024 08:24:00 +0100 Subject: [PATCH] Fix CVE-2023-7104 Resolves: RHEL-20480 --- sqlite-3.34.1-CVE-2023-7104.patch | 42 +++++++++++++++++++++++++++++++ sqlite.spec | 7 +++++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 sqlite-3.34.1-CVE-2023-7104.patch diff --git a/sqlite-3.34.1-CVE-2023-7104.patch b/sqlite-3.34.1-CVE-2023-7104.patch new file mode 100644 index 0000000..6b9c1b7 --- /dev/null +++ b/sqlite-3.34.1-CVE-2023-7104.patch @@ -0,0 +1,42 @@ +From 09f1652f36c5c4e8a6a640ce887f9ea0f48a7958 Mon Sep 17 00:00:00 2001 +From: dan +Date: Thu, 7 Sep 2023 13:53:09 +0000 +Subject: [PATCH] Fix a buffer overread in the sessions extension that could + occur when processing a corrupt changeset. + +FossilOrigin-Name: 0e4e7a05c4204b47a324d67e18e76d2a98e26b2723d19d5c655ec9fd2e41f4b7 + +diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c +index 9f862f2465..0491549231 100644 +--- a/ext/session/sqlite3session.c ++++ b/ext/session/sqlite3session.c +@@ -2811,15 +2811,19 @@ static int sessionReadRecord( + } + } + if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){ +- sqlite3_int64 v = sessionGetI64(aVal); +- if( eType==SQLITE_INTEGER ){ +- sqlite3VdbeMemSetInt64(apOut[i], v); ++ if( (pIn->nData-pIn->iNext)<8 ){ ++ rc = SQLITE_CORRUPT_BKPT; + }else{ +- double d; +- memcpy(&d, &v, 8); +- sqlite3VdbeMemSetDouble(apOut[i], d); ++ sqlite3_int64 v = sessionGetI64(aVal); ++ if( eType==SQLITE_INTEGER ){ ++ sqlite3VdbeMemSetInt64(apOut[i], v); ++ }else{ ++ double d; ++ memcpy(&d, &v, 8); ++ sqlite3VdbeMemSetDouble(apOut[i], d); ++ } ++ pIn->iNext += 8; + } +- pIn->iNext += 8; + } + } + } +-- +2.43.0 + diff --git a/sqlite.spec b/sqlite.spec index e880c8f..f6b961a 100644 --- a/sqlite.spec +++ b/sqlite.spec @@ -10,7 +10,7 @@ Summary: Library that implements an embeddable SQL database engine Name: sqlite Version: %{rpmver} -Release: 18%{?dist} +Release: 19%{?dist} License: Public Domain Group: Applications/Databases URL: http://www.sqlite.org/ @@ -104,6 +104,7 @@ Patch37: sqlite-3.26.0-CVE-2022-35737.patch # Fix for CVE-2020-24736 # https://www.sqlite.org/src/info/579b66eaa0816561 Patch38: sqlite-3.26.0-CVE-2020-24736.patch +Patch39: sqlite-3.34.1-CVE-2023-7104.patch BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: autoconf @@ -237,6 +238,7 @@ This package contains the analysis program for %{name}. %patch -P 36 -p1 %patch -P 37 -p1 %patch -P 38 -p1 +%patch -P 39 -p1 # Remove backup-file @@ -338,6 +340,9 @@ make test %endif %changelog +* Wed Jan 03 2024 Zuzana Miklankova - 3.26.0-19 +- Fixed CVE-2023-7104 + * Fri Apr 14 2023 Zuzana Miklankova - 3.26.0-18 - Fixed CVE-2022-24736