From 54d501092d88c0cf89bec4279951f548fb0b8618 Mon Sep 17 00:00:00 2001
|
|
From: drh <drh@noemail.net>
|
|
Date: Thu, 19 Dec 2019 15:15:40 +0000
|
|
Subject: [PATCH] Fix CVE-2019-19925
|
|
Fix the zipfile extension so that INSERT works even if the
|
|
pathname of the file being inserted is a NULL. Bug discovered by the
|
|
Yongheng and Rui fuzzer.
|
|
|
|
FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06
|
|
|
|
Change by Weifeng <suweifeng1@huawei.com>:
|
|
Fit for version 3.24.0
|
|
---
|
|
ext/misc/zipfile.c | 1 +
|
|
test/zipfile.test | 13 +++++++++++++
|
|
2 files changed, 14 insertions(+)
|
|
|
|
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
|
|
index 9f2258e..01cd0ca 100644
|
|
--- a/ext/misc/zipfile.c
|
|
+++ b/ext/misc/zipfile.c
|
|
@@ -1617,6 +1617,7 @@ static int zipfileUpdate(
|
|
|
|
if( rc==SQLITE_OK ){
|
|
zPath = (const char*)sqlite3_value_text(apVal[2]);
|
|
+ if( zPath==0 ) zPath = "";
|
|
nPath = (int)strlen(zPath);
|
|
mTime = zipfileGetTime(apVal[4]);
|
|
}
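Review bot: The added fallback `if( zPath==0 ) zPath = "";` treats every NULL return from sqlite3_value_text() as a SQL NULL, but that call also returns NULL when the text conversion runs out of memory. An allocation failure at this point would therefore be written as an entry with an empty name instead of being reported. Checking `sqlite3_value_type(apVal[2])==SQLITE_NULL` before the sqlite3_value_text() call, and setting `rc = SQLITE_NOMEM` when a non-NULL value still yields a NULL pointer, would keep the two cases apart. A one-line comment such as `/* A NULL name is stored as an empty pathname */` above the new line would also record the intended behaviour that test 13.10 pins down. zipfileUpdate's body starts and ends outside the hunk, so whether later code rejects or normalises an empty name cannot be seen from here.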
|
|
diff --git a/test/zipfile.test b/test/zipfile.test
|
|
index ebc4977..abf432c 100644
|
|
--- a/test/zipfile.test
|
|
+++ b/test/zipfile.test
|
|
@@ -761,4 +761,17 @@ do_execsql_test 11.11 {
|
|
SELECT name, data FROM z ORDER BY name;
|
|
} {b0suffix two b2suffix one}
|
|
|
|
+# 2019-12-18 Yongheng and Rui fuzzer
|
|
+#
|
|
+do_execsql_test 13.10 {
|
|
+ DROP TABLE IF EXISTS t0;
|
|
+ DROP TABLE IF EXISTS t1;
|
|
+ CREATE TABLE t0(a,b,c,d,e,f,g);
|
|
+ REPLACE INTO t0(c,b,f) VALUES(10,10,10);
|
|
+ CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
|
|
+ REPLACE INTO t1 SELECT * FROM t0;
|
|
+ SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
|
|
+ quote(data),quote(method) FROM t1;
|
|
+} {'' 10 10 2 X'3130' X'3130' 0}
|
|
+
|
|
finish_test
|
|
--
|
|
2.19.1
|
|
|
|
|