sqlite/0054-Fix-CVE-2019-19925-Fix-the-zipfile-extension-so-that-INSERT-works-even-.patch

From 54d501092d88c0cf89bec4279951f548fb0b8618 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Thu, 19 Dec 2019 15:15:40 +0000
Subject: [PATCH] Fix CVE-2019-19925
 Fix the zipfile extension so that INSERT works even if the
 pathname of the file being inserted is a NULL.  Bug discovered by the
 Yongheng and Rui fuzzer.

FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06

Change by Weifeng <suweifeng1@huawei.com>:
    Fit for version 3.24.0
---
 ext/misc/zipfile.c |  1 +
 test/zipfile.test  | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index 9f2258e..01cd0ca 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1617,6 +1617,7 @@ static int zipfileUpdate(
 
     if( rc==SQLITE_OK ){
       zPath = (const char*)sqlite3_value_text(apVal[2]);
+      if( zPath==0 ) zPath = "";
       nPath = (int)strlen(zPath);
       mTime = zipfileGetTime(apVal[4]);
     }
diff --git a/test/zipfile.test b/test/zipfile.test
index ebc4977..abf432c 100644
--- a/test/zipfile.test
+++ b/test/zipfile.test
@@ -761,4 +761,17 @@ do_execsql_test 11.11 {
   SELECT name, data FROM z ORDER BY name;
 } {b0suffix two b2suffix one}
 
+# 2019-12-18 Yongheng and Rui fuzzer
+#
+do_execsql_test 13.10 {
+  DROP TABLE IF EXISTS t0;
+  DROP TABLE IF EXISTS t1;
+  CREATE TABLE t0(a,b,c,d,e,f,g);
+  REPLACE INTO t0(c,b,f) VALUES(10,10,10);
+  CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
+  REPLACE INTO t1 SELECT * FROM t0;
+  SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
+         quote(data),quote(method) FROM t1;
+} {'' 10 10 2 X'3130' X'3130' 0}
+
 finish_test
-- 
2.19.1
repackage and fix cves 2020-01-08 10:32:47 +08:00			`From 54d501092d88c0cf89bec4279951f548fb0b8618 Mon Sep 17 00:00:00 2001`
			`From: drh <drh@noemail.net>`
			`Date: Thu, 19 Dec 2019 15:15:40 +0000`
			`Subject: [PATCH] Fix CVE-2019-19925`
			`Fix the zipfile extension so that INSERT works even if the`
			`pathname of the file being inserted is a NULL. Bug discovered by the`
			`Yongheng and Rui fuzzer.`

			`FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06`

			`Change by Weifeng <suweifeng1@huawei.com>:`
			`Fit for version 3.24.0`
			`---`
			`ext/misc/zipfile.c \| 1 +`
			`test/zipfile.test \| 13 +++++++++++++`
			`2 files changed, 14 insertions(+)`

			`diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c`
			`index 9f2258e..01cd0ca 100644`
			`--- a/ext/misc/zipfile.c`
			`+++ b/ext/misc/zipfile.c`
			`@@ -1617,6 +1617,7 @@ static int zipfileUpdate(`

			`if( rc==SQLITE_OK ){`
			`zPath = (const char*)sqlite3_value_text(apVal[2]);`
			`+ if( zPath==0 ) zPath = "";`
			`nPath = (int)strlen(zPath);`
			`mTime = zipfileGetTime(apVal[4]);`
			`}`
			`diff --git a/test/zipfile.test b/test/zipfile.test`
			`index ebc4977..abf432c 100644`
			`--- a/test/zipfile.test`
			`+++ b/test/zipfile.test`
			`@@ -761,4 +761,17 @@ do_execsql_test 11.11 {`
			`SELECT name, data FROM z ORDER BY name;`
			`} {b0suffix two b2suffix one}`

			`+# 2019-12-18 Yongheng and Rui fuzzer`
			`+#`
			`+do_execsql_test 13.10 {`
			`+ DROP TABLE IF EXISTS t0;`
			`+ DROP TABLE IF EXISTS t1;`
			`+ CREATE TABLE t0(a,b,c,d,e,f,g);`
			`+ REPLACE INTO t0(c,b,f) VALUES(10,10,10);`
			`+ CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');`
			`+ REPLACE INTO t1 SELECT * FROM t0;`
			`+ SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),`
			`+ quote(data),quote(method) FROM t1;`
			`+} {'' 10 10 2 X'3130' X'3130' 0}`
			`+`
			`finish_test`
			`--`
			`2.19.1`