fix CVE-2019-14900

2021-03-19 11:50:33 +08:00 · 2021-03-19 11:50:33 +08:00 · da9512fc51
commit da9512fc51
parent d3c029f5b6
2 changed files with 53 additions and 2 deletions
--- a/CVE-2019-14900.patch
+++ b/CVE-2019-14900.patch
@ -0,0 +1,48 @@
+From 64a0cec764bfdd93c5e3d57e9fc342bcc9824ea3 Mon Sep 17 00:00:00 2001
+From: wang_yue111 <648774160@qq.com>
+Date: Fri, 19 Mar 2021 11:45:31 +0800
+Subject: [PATCH] fix CVE-2019-14900
+
+---
+ .../expression/LiteralExpression.java         | 20 +++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
+index ac485b4..6125363 100644
+--- a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
+++ b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
+@@ -58,17 +58,25 @@ public class LiteralExpression<T> extends ExpressionImpl<T> implements Serializa
+ 		return ':' + parameterName;
+ 	}
+ 
+	private String escapeLiteral(String literal) {
+		return literal.replace("'", "''");
+	}
+
+	private String inlineLiteral(String literal) {
+		return String.format( "\'%s\'", escapeLiteral( literal) );
+	}
+
+ 	@SuppressWarnings({ "unchecked" })
+ 	public String renderProjection(RenderingContext renderingContext) {
+		if ( ValueHandlerFactory.isCharacter( literal ) ) {
+			// In case literal is a Character, pass literal.toString() as the argument.
+			return inlineLiteral( literal.toString() );
+		}
+
+ 		// some drivers/servers do not like parameters in the select clause
+ 		final ValueHandlerFactory.ValueHandler handler =
+ 				ValueHandlerFactory.determineAppropriateHandler( literal.getClass() );
+-		if ( ValueHandlerFactory.isCharacter( literal ) ) {
+-			return '\'' + handler.render( literal ) + '\'';
+-		}
+-		else {
+-			return handler.render( literal );
+-		}
+		return handler.render( literal );
+ 	}
+ 
+ 	@Override
+-- 
+2.23.0
+
--- a/hibernate.spec
+++ b/hibernate.spec
@ -5,7 +5,7 @@
 Name:          hibernate
 Summary:       an easy-to-use and powerful object relational persistence framework for Java applications
 Version:       5.0.10
-Release:       7
+Release:       8
 License:       LGPLv2+ and ASL 2.0
 URL:           http://www.hibernate.org/

@ -34,7 +34,7 @@ Source67:      Bundle-Description-Name.txt
 Source68:      manifestFile.txt

 Patch0000:     CVE-2020-25638.patch
-
+Patch0001:     CVE-2019-14900.patch
 BuildRequires: maven-local mvn(antlr:antlr) mvn(com.experlog:xapool) mvn(com.fasterxml:classmate)
 BuildRequires: mvn(com.mchange:c3p0) mvn(com.zaxxer:HikariCP) mvn(dom4j:dom4j) mvn(java_cup:java_cup)
 BuildRequires: mvn(javax.enterprise:cdi-api) mvn(javax.validation:validation-api) mvn(junit:junit)
@ -164,6 +164,9 @@ done
 %doc hibernate-osgi/README.md

 %changelog
+* Thu Mar 18 2021 wangyue<wangyue92@huawei.com>  5.0.10-8
+- fix CVE-2019-14900
+
 * Sat Dec 12 2020  zhangtao<zhangtao221@huawei.com> - 5.0.10-7
 - CVE-2020-25638