Fixed CVE-2018-8740

Resolves: #1558809
Petr Kubat 2018-03-21 15:11:04 +01:00
parent 28cc179ee2
commit f2d6883ed2
2 changed files with 58 additions and 1 deletions


@ -0,0 +1,51 @@
Index: src/build.c
==================================================================
--- src/build.c
+++ src/build.c
@@ -1868,12 +1868,10 @@
}
assert( !db->mallocFailed );
p = pParse->pNewTable;
if( p==0 ) return;
- assert( !db->init.busy || !pSelect );
-
/* If the db->init.busy is 1 it means we are reading the SQL off the
** "sqlite_master" or "sqlite_temp_master" table on the disk.
** So do not write to the disk again. Extract the root page number
** for the table from the db->init.newTnum field. (The page number
** should have been put there by the sqliteOpenCb routine.)
@@ -1880,10 +1878,14 @@
**
** If the root page number is 1, that means this is the sqlite_master
** table itself. So mark it read-only.
*/
if( db->init.busy ){
+ if( pSelect ){
+ sqlite3ErrorMsg(pParse, "");
+ return;
+ }
p->tnum = db->init.newTnum;
if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
}
/* Special processing for WITHOUT ROWID Tables */
Index: src/prepare.c
==================================================================
--- src/prepare.c
+++ src/prepare.c
@@ -27,11 +27,11 @@
sqlite3 *db = pData->db;
if( !db->mallocFailed && (db->flags & SQLITE_WriteSchema)==0 ){
char *z;
if( zObj==0 ) zObj = "?";
z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
+ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
sqlite3DbFree(db, *pData->pzErrMsg);
*pData->pzErrMsg = z;
}
pData->rc = db->mallocFailed ? SQLITE_NOMEM_BKPT : SQLITE_CORRUPT_BKPT;
}
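Review bot: The new `if( pSelect )` branch under `db->init.busy` in src/build.c raises an error with an empty message, `sqlite3ErrorMsg(pParse, "")`, and nothing in the hunk explains why. The empty string looks deliberate, because the src/prepare.c hunk now skips the ` - %s` suffix when `zExtra[0]` is zero, so the caller would presumably end up with a plain "malformed database schema (name)" error; that pairing is only implied and is easy to break in a later edit. I would add a comment above the branch, for example `/* CREATE TABLE ... AS SELECT read back from the schema table means a corrupt schema; the empty message is completed by the schema-error reporter in prepare.c */`. Turning the removed `assert( !db->init.busy || !pSelect )` into a runtime check is the right direction for input that comes from a database file, since asserts are normally compiled out of production builds. The enclosing functions in both files start and end outside the hunks shown here.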


@ -10,7 +10,7 @@
Summary: Library that implements an embeddable SQL database engine
Name: sqlite
Version: %{rpmver}
Release: 3%{?dist}
Release: 4%{?dist}
License: Public Domain
Group: Applications/Databases
URL: http://www.sqlite.org/
@ -41,6 +41,8 @@ Patch10: sqlite-3.22.0-fts3rank-big-endian.patch
# Upstream pt1: https://www.sqlite.org/src/info/d9e59cfb8476e1ec
# Upstream pt2: https://www.sqlite.org/src/info/ba0631de60ca38bf
Patch11: sqlite-3.22.0-walro2-filesize.patch
# Upstream: https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema
Patch12: sqlite-3.22.0-corrupt-schema.patch
BuildRequires: ncurses-devel readline-devel glibc-devel
BuildRequires: autoconf
@ -147,6 +149,7 @@ This package contains the analysis program for %{name}.
%patch9 -p0
%patch10 -p0
%patch11 -p0
%patch12 -p0
autoconf # Rerun with new autoconf to add support for aarm64
@ -248,6 +251,9 @@ make test
%endif
%changelog
* Wed Mar 21 2018 Petr Kubat <pkubat@redhat.com> - 3.22.0-4
- Fixed CVE-2018-8740 (#1558809)
* Fri Feb 9 2018 Florian Weimer <fweimer@redhat.com> - 3.22.0-3
- Use LDFLAGS from redhat-rpm-config for building lemon, too