kumquat-buildroot/package/sqlite/0001-CVE-2017-13685.patch

Fix CVE-2017-13685

The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a
denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.

Patch taken from Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873762

Upstream issue: https://sqlite.org/src/info/02f0f4c54f2819b3

Signed-off-by: Baruch Siach <baruch@tkos.co.il>

Index: src/shell.c
==================================================================
--- src/shell.c
+++ src/shell.c
@@ -2657,10 +2657,11 @@
   int *aiType      /* Column types */
 ){
   int i;
   ShellState *p = (ShellState*)pArg;
 
+  if( azArg==0 ) return 0;
   switch( p->cMode ){
     case MODE_Line: {
       int w = 5;
       if( azArg==0 ) break;
       for(i=0; i<nArg; i++){
@@ -3007,10 +3008,11 @@
 */
 static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){
   ShellText *p = (ShellText*)pArg;
   int i;
   UNUSED_PARAMETER(az);
+  if( azArg==0 ) return 0;
   if( p->n ) appendText(p, "|", 0);
   for(i=0; i<nArg; i++){
     if( i ) appendText(p, ",", 0);
     if( azArg[i] ) appendText(p, azArg[i], 0);
   }
@@ -3888,11 +3890,11 @@
   const char *zType;
   const char *zSql;
   ShellState *p = (ShellState *)pArg;
 
   UNUSED_PARAMETER(azNotUsed);
-  if( nArg!=3 ) return 1;
+  if( nArg!=3 || azArg==0 ) return 0;
   zTable = azArg[0];
   zType = azArg[1];
   zSql = azArg[2];
 
   if( strcmp(zTable, "sqlite_sequence")==0 ){
sqlite: add security patches CVE-2017-13685: The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. CVE-2017-15286: SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-10-22 16:00:08 +02:00			`Fix CVE-2017-13685`

			`The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a`
			`denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.`

			`Patch taken from Debian:`
			`https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873762`

			`Upstream issue: https://sqlite.org/src/info/02f0f4c54f2819b3`

			`Signed-off-by: Baruch Siach <baruch@tkos.co.il>`

			`Index: src/shell.c`
			`==================================================================`
			`--- src/shell.c`
			`+++ src/shell.c`
			`@@ -2657,10 +2657,11 @@`
			`int aiType / Column types */`
			`){`
			`int i;`
			`ShellState p = (ShellState)pArg;`

			`+ if( azArg==0 ) return 0;`
			`switch( p->cMode ){`
			`case MODE_Line: {`
			`int w = 5;`
			`if( azArg==0 ) break;`
			`for(i=0; i<nArg; i++){`
			`@@ -3007,10 +3008,11 @@`
			`*/`
			`static int captureOutputCallback(void pArg, int nArg, char azArg, char *az){`
			`ShellText p = (ShellText)pArg;`
			`int i;`
			`UNUSED_PARAMETER(az);`
			`+ if( azArg==0 ) return 0;`
			`if( p->n ) appendText(p, "\|", 0);`
			`for(i=0; i<nArg; i++){`
			`if( i ) appendText(p, ",", 0);`
			`if( azArg[i] ) appendText(p, azArg[i], 0);`
			`}`
			`@@ -3888,11 +3890,11 @@`
			`const char *zType;`
			`const char *zSql;`
			`ShellState p = (ShellState )pArg;`

			`UNUSED_PARAMETER(azNotUsed);`
			`- if( nArg!=3 ) return 1;`
			`+ if( nArg!=3 \|\| azArg==0 ) return 0;`
			`zTable = azArg[0];`
			`zType = azArg[1];`
			`zSql = azArg[2];`

			`if( strcmp(zTable, "sqlite_sequence")==0 ){`