!49 Fix the CVE-2021-36690.

From: @wbq_sky Reviewed-by: @bzhaoop Signed-off-by: @bzhaoop
2021-11-27 09:13:46 +00:00 · 2021-11-27 09:13:46 +00:00 · ae04b38c7e
commit ae04b38c7e
parent fa6537c498 281ace3ce4
2 changed files with 53 additions and 4 deletions
--- a/0003-CVE-2021-36690.patch
+++ b/0003-CVE-2021-36690.patch
@ -0,0 +1,44 @@
+diff -rNu a/ext/expert/sqlite3expert.c b/ext/expert/sqlite3expert.c
+--- a/ext/expert/sqlite3expert.c	2021-11-25 09:00:19.267831518 +0800
+++ b/ext/expert/sqlite3expert.c	2021-11-25 09:07:38.551969861 +0800
+@@ -690,11 +690,13 @@
+   rc = idxPrintfPrepareStmt(db, &p1, pzErrmsg, "PRAGMA table_xinfo=%Q", zTab);
+   while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
+     const char *zCol = (const char*)sqlite3_column_text(p1, 1);
+    const char *zColSeq = 0;
+     nByte += 1 + STRLEN(zCol);
+     rc = sqlite3_table_column_metadata(
+-        db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
+        db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
+     );
+-    nByte += 1 + STRLEN(zCol);
+    if( zColSeq==0 ) zColSeq = "binary";
+    nByte += 1 + STRLEN(zColSeq);
+     nCol++;
+     nPk += (sqlite3_column_int(p1, 5)>0);
+   }
+@@ -714,6 +716,7 @@
+   nCol = 0;
+   while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
+     const char *zCol = (const char*)sqlite3_column_text(p1, 1);
+    const char *zColSeq = 0;
+     int nCopy = STRLEN(zCol) + 1;
+     pNew->aCol[nCol].zName = pCsr;
+     pNew->aCol[nCol].iPk = (sqlite3_column_int(p1, 5)==1 && nPk==1);
+@@ -721,12 +724,13 @@
+     pCsr += nCopy;
+ 
+     rc = sqlite3_table_column_metadata(
+-        db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
+        db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
+     );
+     if( rc==SQLITE_OK ){
+-      nCopy = STRLEN(zCol) + 1;
+      if( zColSeq==0 ) zColSeq = "binary";
+      nCopy = STRLEN(zColSeq) + 1;
+       pNew->aCol[nCol].zColl = pCsr;
+-      memcpy(pCsr, zCol, nCopy);
+      memcpy(pCsr, zColSeq, nCopy);
+       pCsr += nCopy;
+     }
+ 
--- a/sqlite.spec
+++ b/sqlite.spec
@ -6,17 +6,18 @@

 Name:    sqlite
 Version: 3.36.0
-Release: 1
+Release: 2
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/

-Source0: https://www.sqlite.org/2020/sqlite-src-%{extver}.zip
-Source1: http://www.sqlite.org/2020/sqlite-doc-%{extver}.zip
-Source2: https://www.sqlite.org/2020/sqlite-autoconf-%{extver}.tar.gz
+Source0: https://www.sqlite.org/2021/sqlite-src-%{extver}.zip
+Source1: http://www.sqlite.org/2021/sqlite-doc-%{extver}.zip
+Source2: https://www.sqlite.org/2021/sqlite-autoconf-%{extver}.tar.gz

 Patch1: 0001-sqlite-no-malloc-usable-size.patch
 Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
+Patch3: 0003-CVE-2021-36690.patch

 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@ -61,6 +62,7 @@ This contains man files and HTML files for the using of sqlite.
 %setup -q -a1 -n %{name}-src-%{extver}
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 rm -f %{name}-doc-%{extver}/sqlite.css~ || :

@ -131,6 +133,9 @@ make test
 %{_mandir}/man*/*

 %changelog
+* Fri Nov 27 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-2
+- fix the CVE-2021-36690.
+
 * Fri Nov 25 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-1
 - update to 3.36.0.