sqlite/SOURCES/sqlite-3.26.0-CVE-2019-19925.patch
2021-10-08 16:55:58 +00:00

51 lines
1.5 KiB
Diff

From 1986c6384122947b10804cbc5c4d7af85e097404 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Mon, 20 Jan 2020 10:09:55 +0100
Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the
pathname of
the file being inserted is a NULL. Bug discovered by the
Yongheng and Rui fuzzer.
---
ext/misc/zipfile.c | 1 +
test/zipfile.test | 13 +++++++++++++
2 files changed, 14 insertions(+)
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index e57dc38..6f48d0f 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1618,6 +1618,7 @@ static int zipfileUpdate(
if( rc==SQLITE_OK ){
zPath = (const char*)sqlite3_value_text(apVal[2]);
+ if( zPath==0 ) zPath = "";
nPath = (int)strlen(zPath);
mTime = zipfileGetTime(apVal[4]);
}
diff --git a/test/zipfile.test b/test/zipfile.test
index 2bab066..5bca10b 100644
--- a/test/zipfile.test
+++ b/test/zipfile.test
@@ -795,4 +795,17 @@ if {$tcl_platform(platform)!="windows"} {
} {. ./x1.txt ./x2.txt}
}
+# 2019-12-18 Yongheng and Rui fuzzer
+#
+do_execsql_test 13.10 {
+ DROP TABLE IF EXISTS t0;
+ DROP TABLE IF EXISTS t1;
+ CREATE TABLE t0(a,b,c,d,e,f,g);
+ REPLACE INTO t0(c,b,f) VALUES(10,10,10);
+ CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
+ REPLACE INTO t1 SELECT * FROM t0;
+ SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
+ quote(data),quote(method) FROM t1;
+} {'' 10 10 2 X'3130' X'3130' 0}
+
finish_test
--
2.19.1