packages/sqlite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!83 Fix CVE-2022-46908

Browse Source 
From: @zwtmichael 
Reviewed-by: @wbq_sky 
Signed-off-by: @wbq_sky
This commit is contained in:
openeuler-ci-bot 2022-12-16 05:05:55 +00:00 committed by Gitee
commit 36052db9a0
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
0006-CVE-2022-46908.patch Normal file
View File

@ -0,0 +1,53 @@
From 040177c01a76ccb631bbe19a445f716f0d7b9458 Mon Sep 17 00:00:00 2001
From: zwtmichael <zhuwentao5@huawei.com>
Date: Thu, 15 Dec 2022 09:49:15 +0800
Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
---
src/shell.c.in | 4 ++--
test/shell2.test | 11 +++++++++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/shell.c.in b/src/shell.c.in
index 543141c..2c1e013 100644
--- a/src/shell.c.in
+++ b/src/shell.c.in
@@ -1829,7 +1829,7 @@ static int safeModeAuth(
"zipfile",
"zipfile_cds",
};
- UNUSED_PARAMETER(zA2);
+ UNUSED_PARAMETER(zA1);
UNUSED_PARAMETER(zA3);
UNUSED_PARAMETER(zA4);
switch( op ){
@@ -1840,7 +1840,7 @@ static int safeModeAuth(
case SQLITE_FUNCTION: {
int i;
for(i=0; i<ArraySize(azProhibitedFunctions); i++){
- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
+ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
failIfSafeMode(p, "cannot use the %s() function in safe mode",
azProhibitedFunctions[i]);
}
diff --git a/test/shell2.test b/test/shell2.test
index 6b4dff5..c3777eb 100644
--- a/test/shell2.test
+++ b/test/shell2.test
@@ -188,4 +188,15 @@ b
2
}}
+# Verify that safe mode rejects certain UDFs
+# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
+do_test shell2-1.4.8 {
+ catchcmd "-safe :memory:" {
+ SELECT edit('DoNotCare');}
+} {1 {line 2: cannot use the edit() function in safe mode}}
+do_test shell2-1.4.9 {
+ catchcmd "-safe :memory:" {
+ SELECT writefile('DoNotCare', x'');}
+} {1 {line 2: cannot use the writefile() function in safe mode}}
+
finish_test

7
sqlite.spec
View File

@ -6,7 +6,7 @@
Name: sqlite Name: sqlite
Version: 3.37.2 Version: 3.37.2
Release: 3 Release: 4
Summary: Embeded SQL database Summary: Embeded SQL database
License: Public Domain License: Public Domain
URL: http://www.sqlite.org/ URL: http://www.sqlite.org/
@ -20,6 +20,7 @@ Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
Patch3: 0003-CVE-2022-35737.patch Patch3: 0003-CVE-2022-35737.patch
Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch
Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch
Patch6: 0006-CVE-2022-46908.patch
BuildRequires: gcc autoconf tcl tcl-devel BuildRequires: gcc autoconf tcl tcl-devel
BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: ncurses-devel readline-devel glibc-devel
@ -67,6 +68,7 @@ This contains man files and HTML files for the using of sqlite.
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1
rm -f %{name}-doc-%{extver}/sqlite.css~ || : rm -f %{name}-doc-%{extver}/sqlite.css~ || :
@ -137,6 +139,9 @@ make test
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Wed Dec 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-4
- fix the CVE-2022-46908
* Wed Sep 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-3 * Wed Sep 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-3
- fix build problem - fix build problem