kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

databases/sqlite3: Patch for CVE-2018-8740

Browse source 
Detect databases whose schema is corrupted using
a CREATE TABLE AS statement and issue an appropriate error message.

CVE-2018-8740 will be entered into VuXML when SQLite will make
a release, because CVE-2018-8740 says that versions up to and including
the current version 3.22.0 are vulnerable.

Submitted by:	Pavel Volkov <pavelivolkov@gmail.com> (maintainer)
Reported by:	tj <tj@mrsk.me>
This commit is contained in:
Yuri Victorovich 2018-03-22 08:52:58 +00:00
parent 775c68f2f0
commit 5bb45f7194
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=465275
2 changed files with 37 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
databases/sqlite3/Makefile
View file

@ -3,6 +3,7 @@
PORTNAME= sqlite3
DISTVERSION= 3.22.0
PORTREVISION= 1
CATEGORIES= databases
MASTER_SITES= https://www.sqlite.org/2018/ http://www2.sqlite.org/2018/ http://www3.sqlite.org/2018/
DISTNAME= sqlite-autoconf-${PORTVERSION:C/\.([[:digit:]])[[:>:]]/0\1/g:S/.//g}00

36
databases/sqlite3/files/patch-sqlite3.c Normal file
View file

@ -0,0 +1,36 @@
Fix for CVE-2018-8740: https://nvd.nist.gov/vuln/detail/CVE-2018-8740
Detect databases whose schema is corrupted using a CREATE TABLE AS statement and issue an appropriate error message.
Commit [d75e6765]: https://www.sqlite.org/src/info/d75e67654aa9620b
Description: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
--- sqlite3.c.orig 2018-03-22 07:08:21 UTC
+++ sqlite3.c
@@ -103474,8 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable(
p = pParse->pNewTable;
if( p==0 ) return;
- assert( !db->init.busy || !pSelect );
-
/* If the db->init.busy is 1 it means we are reading the SQL off the
** "sqlite_master" or "sqlite_temp_master" table on the disk.
** So do not write to the disk again. Extract the root page number
@@ -103486,6 +103484,10 @@ SQLITE_PRIVATE void sqlite3EndTable(
** table itself. So mark it read-only.
*/
if( db->init.busy ){
+ if( pSelect ){
+ sqlite3ErrorMsg(pParse, "");
+ return;
+ }
p->tnum = db->init.newTnum;
if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
}
@@ -117813,7 +117815,7 @@ static void corruptSchema(
char *z;
if( zObj==0 ) zObj = "?";
z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
+ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
sqlite3DbFree(db, *pData->pzErrMsg);
*pData->pzErrMsg = z;
}