|
|
@@ -0,0 +1,57 @@
|
|
|
+Fix CVE-2017-13685
|
|
|
+
|
|
|
+The dump_callback function in SQLite 3.20.0 allows remote attackers to
|
|
|
+cause a denial of service (EXC_BAD_ACCESS and application crash) via a
|
|
|
+crafted file.
|
|
|
+
|
|
|
+References:
|
|
|
+https://sqlite.org/src/info/02f0f4c54f2819b3
|
|
|
+http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
|
|
|
+
|
|
|
+Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149]
|
|
|
+
|
|
|
+CVE: CVE-2017-13685
|
|
|
+
|
|
|
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
|
+
|
|
|
+Index: src/shell.c
|
|
|
+==================================================================
|
|
|
+--- src/shell.c
|
|
|
++++ src/shell.c
|
|
|
+@@ -2657,10 +2657,11 @@
|
|
|
+ int *aiType /* Column types */
|
|
|
+ ){
|
|
|
+ int i;
|
|
|
+ ShellState *p = (ShellState*)pArg;
|
|
|
+
|
|
|
++ if( azArg==0 ) return 0;
|
|
|
+ switch( p->cMode ){
|
|
|
+ case MODE_Line: {
|
|
|
+ int w = 5;
|
|
|
+ if( azArg==0 ) break;
|
|
|
+ for(i=0; i<nArg; i++){
|
|
|
+@@ -3007,10 +3008,11 @@
|
|
|
+ */
|
|
|
+ static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){
|
|
|
+ ShellText *p = (ShellText*)pArg;
|
|
|
+ int i;
|
|
|
+ UNUSED_PARAMETER(az);
|
|
|
++ if( azArg==0 ) return 0;
|
|
|
+ if( p->n ) appendText(p, "|", 0);
|
|
|
+ for(i=0; i<nArg; i++){
|
|
|
+ if( i ) appendText(p, ",", 0);
|
|
|
+ if( azArg[i] ) appendText(p, azArg[i], 0);
|
|
|
+ }
|
|
|
+@@ -3888,11 +3890,11 @@
|
|
|
+ const char *zType;
|
|
|
+ const char *zSql;
|
|
|
+ ShellState *p = (ShellState *)pArg;
|
|
|
+
|
|
|
+ UNUSED_PARAMETER(azNotUsed);
|
|
|
+- if( nArg!=3 ) return 1;
|
|
|
++ if( nArg!=3 || azArg==0 ) return 0;
|
|
|
+ zTable = azArg[0];
|
|
|
+ zType = azArg[1];
|
|
|
+ zSql = azArg[2];
|
|
|
+
|
|
|
+ if( strcmp(zTable, "sqlite_sequence")==0 ){
|
Wenzong Fan