Fix CVE-2019-19603 in SQLite
This includes the patch needed to fix this CVE and a supporting one to include a new function added that it depends on. Task-number: QTBUG-80903 Change-Id: Ic7639d50c89a3ee7d45426588c3ab0efd0eebb72 Reviewed-by: Christian Ehrlicher <ch.ehrlicher@gmx.de> Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> (cherry picked from commit a75d238b3194ae4973be7f6ce0508a526d4aa49e)
This commit is contained in:
Andy Shaw
parent
5839535c9f
commit
1253069f65
95
src/3rdparty/sqlite/patches/0003-Fix-CVE-2019-19603-in-SQLite.patch
vendored
Normal file
95
src/3rdparty/sqlite/patches/0003-Fix-CVE-2019-19603-in-SQLite.patch
vendored
Normal file
@ -0,0 +1,95 @@
|
||||
From 11a2f4647b67494fb731a6fd793f1b28074631d3 Mon Sep 17 00:00:00 2001
|
||||
From: Andy Shaw <andy.shaw@qt.io>
|
||||
Date: Thu, 19 Dec 2019 22:31:15 +0100
|
||||
Subject: [PATCH] Fix CVE-2019-19603 in SQLite
|
||||
|
||||
This includes the patch needed to fix this CVE and a supporting one to
|
||||
include a new function added that it depends on.
|
||||
|
||||
Task-number: QTBUG-80903
|
||||
Change-Id: Ic7639d50c89a3ee7d45426588c3ab0efd0eebb72
|
||||
---
|
||||
src/3rdparty/sqlite/sqlite3.c | 32 ++++++++++++++++++++++++++------
|
||||
1 file changed, 26 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c
|
||||
index d3e0c065b6..a430554db7 100644
|
||||
--- a/src/3rdparty/sqlite/sqlite3.c
|
||||
+++ b/src/3rdparty/sqlite/sqlite3.c
|
||||
@@ -19519,6 +19519,12 @@ SQLITE_PRIVATE Module *sqlite3VtabCreateModule(
|
||||
);
|
||||
# define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0)
|
||||
#endif
|
||||
+SQLITE_PRIVATE int sqlite3ReadOnlyShadowTables(sqlite3 *db);
|
||||
+#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
+SQLITE_PRIVATE int sqlite3ShadowTableName(sqlite3 *db, const char *zName);
|
||||
+#else
|
||||
+# define sqlite3ShadowTableName(A,B) 0
|
||||
+#endif
|
||||
SQLITE_PRIVATE int sqlite3VtabEponymousTableInit(Parse*,Module*);
|
||||
SQLITE_PRIVATE void sqlite3VtabEponymousTableClear(sqlite3*,Module*);
|
||||
SQLITE_PRIVATE void sqlite3VtabMakeWritable(Parse*,Table*);
|
||||
@@ -108483,6 +108489,22 @@ SQLITE_PRIVATE int sqlite3WritableSchema(sqlite3 *db){
|
||||
return (db->flags&(SQLITE_WriteSchema|SQLITE_Defensive))==SQLITE_WriteSchema;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ ** Return TRUE if shadow tables should be read-only in the current
|
||||
+ ** context.
|
||||
+ */
|
||||
+int sqlite3ReadOnlyShadowTables(sqlite3 *db){
|
||||
+#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
+ if( (db->flags & SQLITE_Defensive)!=0
|
||||
+ && db->pVtabCtx==0
|
||||
+ && db->nVdbeExec==0
|
||||
+ ){
|
||||
+ return 1;
|
||||
+ }
|
||||
+#endif
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
** This routine is used to check if the UTF-8 string zName is a legal
|
||||
** unqualified name for a new schema object (table, index, view or
|
||||
@@ -108516,8 +108538,8 @@ SQLITE_PRIVATE int sqlite3CheckObjectName(
|
||||
}
|
||||
}
|
||||
}else{
|
||||
- if( pParse->nested==0
|
||||
- && 0==sqlite3StrNICmp(zName, "sqlite_", 7)
|
||||
+ if( (pParse->nested==0 && 0==sqlite3StrNICmp(zName, "sqlite_", 7))
|
||||
+ || (sqlite3ReadOnlyShadowTables(db) && sqlite3ShadowTableName(db, zName))
|
||||
){
|
||||
sqlite3ErrorMsg(pParse, "object name reserved for internal use: %s",
|
||||
zName);
|
||||
@@ -109662,7 +109684,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
|
||||
** zName is temporarily modified while this routine is running, but is
|
||||
** restored to its original value prior to this routine returning.
|
||||
*/
|
||||
-static int isShadowTableName(sqlite3 *db, char *zName){
|
||||
+int sqlite3ShadowTableName(sqlite3 *db, const char *zName){
|
||||
char *zTail; /* Pointer to the last "_" in zName */
|
||||
Table *pTab; /* Table that zName is a shadow of */
|
||||
Module *pMod; /* Module for the virtual table */
|
||||
@@ -109680,8 +109702,6 @@ static int isShadowTableName(sqlite3 *db, char *zName){
|
||||
if( pMod->pModule->xShadowName==0 ) return 0;
|
||||
return pMod->pModule->xShadowName(zTail+1);
|
||||
}
|
||||
-#else
|
||||
-# define isShadowTableName(x,y) 0
|
||||
#endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
|
||||
|
||||
/*
|
||||
@@ -109723,7 +109743,7 @@ SQLITE_PRIVATE void sqlite3EndTable(
|
||||
p = pParse->pNewTable;
|
||||
if( p==0 ) return;
|
||||
|
||||
- if( pSelect==0 && isShadowTableName(db, p->zName) ){
|
||||
+ if( pSelect==0 && sqlite3ShadowTableName(db, p->zName) ){
|
||||
p->tabFlags |= TF_Shadow;
|
||||
}
|
||||
|
||||
--
|
||||
2.21.0 (Apple Git-122.2)
|
||||
|
||||
32
src/3rdparty/sqlite/sqlite3.c
vendored
32
src/3rdparty/sqlite/sqlite3.c
vendored
@ -19519,6 +19519,12 @@ SQLITE_PRIVATE Module *sqlite3VtabCreateModule(
|
||||
);
|
||||
# define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0)
|
||||
#endif
|
||||
SQLITE_PRIVATE int sqlite3ReadOnlyShadowTables(sqlite3 *db);
|
||||
#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
SQLITE_PRIVATE int sqlite3ShadowTableName(sqlite3 *db, const char *zName);
|
||||
#else
|
||||
# define sqlite3ShadowTableName(A,B) 0
|
||||
#endif
|
||||
SQLITE_PRIVATE int sqlite3VtabEponymousTableInit(Parse*,Module*);
|
||||
SQLITE_PRIVATE void sqlite3VtabEponymousTableClear(sqlite3*,Module*);
|
||||
SQLITE_PRIVATE void sqlite3VtabMakeWritable(Parse*,Table*);
|
||||
@ -108483,6 +108489,22 @@ SQLITE_PRIVATE int sqlite3WritableSchema(sqlite3 *db){
|
||||
return (db->flags&(SQLITE_WriteSchema|SQLITE_Defensive))==SQLITE_WriteSchema;
|
||||
}
|
||||
|
||||
/*
|
||||
** Return TRUE if shadow tables should be read-only in the current
|
||||
** context.
|
||||
*/
|
||||
int sqlite3ReadOnlyShadowTables(sqlite3 *db){
|
||||
#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
if( (db->flags & SQLITE_Defensive)!=0
|
||||
&& db->pVtabCtx==0
|
||||
&& db->nVdbeExec==0
|
||||
){
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
** This routine is used to check if the UTF-8 string zName is a legal
|
||||
** unqualified name for a new schema object (table, index, view or
|
||||
@ -108516,8 +108538,8 @@ SQLITE_PRIVATE int sqlite3CheckObjectName(
|
||||
}
|
||||
}
|
||||
}else{
|
||||
if( pParse->nested==0
|
||||
&& 0==sqlite3StrNICmp(zName, "sqlite_", 7)
|
||||
if( (pParse->nested==0 && 0==sqlite3StrNICmp(zName, "sqlite_", 7))
|
||||
|| (sqlite3ReadOnlyShadowTables(db) && sqlite3ShadowTableName(db, zName))
|
||||
){
|
||||
sqlite3ErrorMsg(pParse, "object name reserved for internal use: %s",
|
||||
zName);
|
||||
@ -109662,7 +109684,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
|
||||
** zName is temporarily modified while this routine is running, but is
|
||||
** restored to its original value prior to this routine returning.
|
||||
*/
|
||||
static int isShadowTableName(sqlite3 *db, char *zName){
|
||||
int sqlite3ShadowTableName(sqlite3 *db, const char *zName){
|
||||
char *zTail; /* Pointer to the last "_" in zName */
|
||||
Table *pTab; /* Table that zName is a shadow of */
|
||||
Module *pMod; /* Module for the virtual table */
|
||||
@ -109680,8 +109702,6 @@ static int isShadowTableName(sqlite3 *db, char *zName){
|
||||
if( pMod->pModule->xShadowName==0 ) return 0;
|
||||
return pMod->pModule->xShadowName(zTail+1);
|
||||
}
|
||||
#else
|
||||
# define isShadowTableName(x,y) 0
|
||||
#endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
|
||||
|
||||
/*
|
||||
@ -109723,7 +109743,7 @@ SQLITE_PRIVATE void sqlite3EndTable(
|
||||
p = pParse->pNewTable;
|
||||
if( p==0 ) return;
|
||||
|
||||
if( pSelect==0 && isShadowTableName(db, p->zName) ){
|
||||
if( pSelect==0 && sqlite3ShadowTableName(db, p->zName) ){
|
||||
p->tabFlags |= TF_Shadow;
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user