Fix CVE-2019-13508

CVE-2019-13508.patch

@@ -0,0 +1,30 @@
+From 0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <freddy77@gmail.com>
+Date: Tue, 9 Jul 2019 09:26:43 +0100
+Subject: [PATCH] tds: Make sure UDT has varint set to 8
+
+Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
+---
+ src/tds/data.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tds/data.c b/src/tds/data.c
+index c10ebe1ca..0c5e90f95 100644
+--- a/src/tds/data.c
++++ b/src/tds/data.c
+@@ -1425,6 +1425,7 @@ tds_clrudt_get_info(TDSSOCKET * tds, TDSCOLUMN * col)
+ 	tds_get_string(tds, tds_get_usmallint(tds), NULL, 0);
+ 
+ 	col->column_size = 0x7ffffffflu;
++	col->column_varint_size = 8;
+ 
+ 	return TDS_SUCCESS;
+ }
+@@ -1432,6 +1433,7 @@ tds_clrudt_get_info(TDSSOCKET * tds, TDSCOLUMN * col)
+ TDS_INT
+ tds_clrudt_row_len(TDSCOLUMN *col)
+ {
++	col->column_varint_size = 8;
+ 	/* TODO save other fields */
+ 	return sizeof(TDSBLOB);
+ }

freetds.spec

@@ -1,12 +1,13 @@
 Name:          freetds
 Summary:       Implementation of the TDS (Tabular DataStream) protocol
 Version:       1.00.38
-Release:       7
+Release:       8
 License:       LGPLv2+ and GPLv2+
 URL:           http://www.freetds.org/
 
 Source0:       ftp://ftp.freetds.org/pub/freetds/stable/freetds-%{version}.tar.bz2
 Source1:       freetds-tds_sysdep_public.h
+Patch0:        CVE-2019-13508.patch
 
 BuildRequires: unixODBC-devel readline-devel gnutls-devel krb5-devel
 BuildRequires: libgcrypt-devel libtool doxygen docbook-style-dsssl
@@ -119,5 +120,8 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Wed Feb 09 2022 wangkai <wangkai385@huawei.com> - 1.00.38-8
+- Fix CVE-2019-13508
+
 * Thu Nov 28 2019 Wanjiankang <wanjiankang@huawei.com> - 1.00.38-7
 - Initial package.