main/sqlite: fix CVE-2019-8457

Fixes #10540
author: Leo <thinkabit.ukim@gmail.com> 2019-07-23 21:09:30 -0300
committer: Natanael Copa <ncopa@alpinelinux.org> 2019-07-24 08:46:34 +0200
commit: 5752dce56c5b51a712767fdf310254e6782c50b7 (patch)
tree: fec981fa71b1ead169f10d65522cac008ccea6f4 /main
parent: cea68283f6fb219e133352b64b4e2f39cc002604 (diff)
download: aports-5752dce56c5b51a712767fdf310254e6782c50b7.tar.bz2
aports-5752dce56c5b51a712767fdf310254e6782c50b7.tar.xz
2 files changed, 83 insertions, 9 deletions
diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD
index ee26f82e4c..8ffc5f8737 100644
--- a/main/sqlite/APKBUILD
+++ b/main/sqlite/APKBUILD
@@ -2,8 +2,12 @@
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
 #
 # secfixes:
+#   3.25.3-r1:
+#     - CVE-2019-8457
+#   3.25.3-r0:
+#     - CVE-2018-20346
 #   3.21.0-r1:
-#   - CVE-2018-8740
+#     - CVE-2018-8740
 #
 pkgname=sqlite
 pkgver=3.25.3
@@ -22,7 +26,7 @@ esac
 [ $_d -lt 10 ] && _d=0$_d
 _ver=${_a}${_b}${_c}${_d}
 
-pkgrel=0
+pkgrel=1
 pkgdesc="A C library that implements an SQL database engine"
 url="http://www.sqlite.org/"
 arch="all"
@@ -30,9 +34,11 @@ options="!check"
 license="custom"
 depends=""
 makedepends="readline-dev"
-source="http://www.sqlite.org/2018/$pkgname-autoconf-$_ver.tar.gz
-	license.txt"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-libs"
+source="http://www.sqlite.org/2018/$pkgname-autoconf-$_ver.tar.gz
+	license.txt
+	CVE-2019-8457.patch
+	"
 
 _amalgamation="-DSQLITE_ENABLE_FTS4 \
 	-DSQLITE_ENABLE_FTS3_PARENTHESIS \
@@ -48,10 +54,6 @@ _amalgamation="-DSQLITE_ENABLE_FTS4 \
 
 builddir="$srcdir/$pkgname-autoconf-$_ver"
 
-# secfixes:
-#   3.25.3-r0:
-#   - CVE-2018-20346
-
 build() {
 	cd "$builddir"
 	export CFLAGS="$CFLAGS $_amalgamation"
@@ -88,4 +90,5 @@ libs() {
 }
 
 sha512sums="5bc501d15367e097f4070185974b0c3a8246c06b205fb2258ed18870ff3fbf120ac5e0ba031a6744af89f7659206e28e7de2f0367bdb190b8412e453b43de4ba  sqlite-autoconf-3250300.tar.gz
-5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9  license.txt"
+5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9  license.txt
+ab795b18d5426ff9ccad20f413de4f46fce7b532ebbf72dfbafc7db2d2e46453541abe992535c7aea598ec69c8557b477008e58299e3426afd2e8ab458c859e4  CVE-2019-8457.patch"
diff --git a/main/sqlite/CVE-2019-8457.patch b/main/sqlite/CVE-2019-8457.patch
new file mode 100644
index 0000000000..de1e30a2c5
--- /dev/null
+++ b/main/sqlite/CVE-2019-8457.patch
@@ -0,0 +1,71 @@
+diff --git a/sqlite3.c b/sqlite3.c
+index c607252..2c133c5 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -181825,49 +181825,46 @@ rtreeInit_fail:
+ ** <num-dimension>*2 coordinates.
+ */
+ static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
+-  char *zText = 0;
+   RtreeNode node;
+   Rtree tree;
+   int ii;
++  int nData;
++  int errCode;
++  sqlite3_str *pOut;
+ 
+   UNUSED_PARAMETER(nArg);
+   memset(&node, 0, sizeof(RtreeNode));
+   memset(&tree, 0, sizeof(Rtree));
+   tree.nDim = (u8)sqlite3_value_int(apArg[0]);
++  if( tree.nDim<1 || tree.nDim>5 ) return;
+   tree.nDim2 = tree.nDim*2;
+   tree.nBytesPerCell = 8 + 8 * tree.nDim;
+   node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
++  nData = sqlite3_value_bytes(apArg[1]);
++  if( nData<4 ) return;
++  if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
+ 
++  pOut = sqlite3_str_new(0);
+   for(ii=0; ii<NCELL(&node); ii++){
+-    char zCell[512];
+-    int nCell = 0;
+     RtreeCell cell;
+     int jj;
+ 
+     nodeGetCell(&tree, &node, ii, &cell);
+-    sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
+-    nCell = (int)strlen(zCell);
++	if( ii>0 ) sqlite3_str_append(pOut, " ", 1);
++	sqlite3_str_appendf(pOut, "{%lld", cell.iRowid);
+     for(jj=0; jj<tree.nDim2; jj++){
+ #ifndef SQLITE_RTREE_INT_ONLY
+-      sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
+-                       (double)cell.aCoord[jj].f);
++    sqlite3_str_appendf(pOut, " %g", (double)cell.aCoord[jj].f);
+ #else
+-      sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
+-                       cell.aCoord[jj].i);
++	sqlite3_str_appendf(pOut, " %d", cell.aCoord[jj].i);
+ #endif
+-      nCell = (int)strlen(zCell);
+-    }
+-
+-    if( zText ){
+-      char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
+-      sqlite3_free(zText);
+-      zText = zTextNew;
+-    }else{
+-      zText = sqlite3_mprintf("{%s}", zCell);
+     }
++	sqlite3_str_append(pOut, "}", 1);
+   }
+   
+-  sqlite3_result_text(ctx, zText, -1, sqlite3_free);
++  errCode = sqlite3_str_errcode(pOut);
++  sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
++  sqlite3_result_error_code(ctx, errCode);
+ }
+ 
+ /* This routine implements an SQL function that returns the "depth" parameter
+
author	Leo <thinkabit.ukim@gmail.com>	2019-07-23 21:09:30 -0300
committer	Natanael Copa <ncopa@alpinelinux.org>	2019-07-24 08:46:34 +0200
commit	5752dce56c5b51a712767fdf310254e6782c50b7 (patch)
tree	fec981fa71b1ead169f10d65522cac008ccea6f4 /main
parent	cea68283f6fb219e133352b64b4e2f39cc002604 (diff)
download	aports-5752dce56c5b51a712767fdf310254e6782c50b7.tar.bz2 aports-5752dce56c5b51a712767fdf310254e6782c50b7.tar.xz