fix CVE-2023-36191
Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
This commit is contained in:
zwtmichael
parent
3b8ef70260
commit
d5a9995a67
32
0007-CVE-2023-36191.patch
Normal file
32
0007-CVE-2023-36191.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 1b2901722e5de3ef8d29edb4481327e48bd3363c Mon Sep 17 00:00:00 2001
|
||||
From: zwtmichael <zhuwentao5@huawei.com>
|
||||
Date: Mon, 7 Aug 2023 15:10:32 +0800
|
||||
Subject: [PATCH] fix segmentation violation
|
||||
|
||||
Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
|
||||
---
|
||||
src/shell.c.in | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/shell.c.in b/src/shell.c.in
|
||||
index 543141c..d278988 100644
|
||||
--- a/src/shell.c.in
|
||||
+++ b/src/shell.c.in
|
||||
@@ -11469,8 +11469,12 @@ int SQLITE_CDECL wmain(int argc, wchar_t **wargv){
|
||||
}else if( strcmp(z,"-bail")==0 ){
|
||||
bail_on_error = 1;
|
||||
}else if( strcmp(z,"-nonce")==0 ){
|
||||
- free(data.zNonce);
|
||||
- data.zNonce = strdup(argv[++i]);
|
||||
+ if( data.zNonce ) free(data.zNonce);
|
||||
+ if( i+1 < argc ) data.zNonce = strdup(argv[++i]);
|
||||
+ else{
|
||||
+ data.zNonce = 0;
|
||||
+ break;
|
||||
+ }
|
||||
}else if( strcmp(z,"-safe")==0 ){
|
||||
/* no-op - catch this on the second pass */
|
||||
}
|
||||
--
|
||||
2.34.1.windows.1
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
|
||||
Name: sqlite
|
||||
Version: 3.37.2
|
||||
Release: 5
|
||||
Release: 6
|
||||
Summary: Embeded SQL database
|
||||
License: Public Domain
|
||||
URL: http://www.sqlite.org/
|
||||
@ -21,6 +21,7 @@ Patch3: 0003-CVE-2022-35737.patch
|
||||
Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch
|
||||
Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch
|
||||
Patch6: 0006-CVE-2022-46908.patch
|
||||
Patch7: 0007-CVE-2023-36191.patch
|
||||
|
||||
BuildRequires: gcc autoconf tcl tcl-devel
|
||||
BuildRequires: ncurses-devel readline-devel glibc-devel
|
||||
@ -69,6 +70,7 @@ This contains man files and HTML files for the using of sqlite.
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
|
||||
rm -f %{name}-doc-%{extver}/sqlite.css~ || :
|
||||
|
||||
@ -143,6 +145,9 @@ make test
|
||||
%{_mandir}/man*/*
|
||||
|
||||
%changelog
|
||||
* Mon Aug 7 2023 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-6
|
||||
- fix the CVE-2023-36191
|
||||
|
||||
* Fri Jan 13 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 3.37.2-5
|
||||
- remove fail testcase for loongarch
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user