d3c96bd5a6
CVE-2017-13685: The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. CVE-2017-15286: SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
29 lines
791 B
Diff
29 lines
791 B
Diff
Fix CVE-2017-15286
|
|
|
|
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c
|
|
because it fails to consider certain cases where
|
|
`sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never
|
|
initialized.
|
|
|
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878680
|
|
|
|
Upstream commit: http://www.sqlite.org/src/info/5d0ceb8dcdef92cd
|
|
|
|
Index: src/shell.c
|
|
==================================================================
|
|
--- src/shell.c
|
|
+++ src/shell.c
|
|
@@ -3807,10 +3807,11 @@
|
|
isIPK = 0;
|
|
}
|
|
}
|
|
}
|
|
sqlite3_finalize(pStmt);
|
|
+ if( azCol==0 ) return 0;
|
|
azCol[0] = 0;
|
|
azCol[nCol+1] = 0;
|
|
|
|
/* The decision of whether or not a rowid really needs to be preserved
|
|
** is tricky. We never need to preserve a rowid for a WITHOUT ROWID table
|
|
|