
Commit de15b76

authored
[2.0] Fix sqlite CVE-2023-7104 (#7251)
Co-authored-by: Henry Li <lihl@microsoft.com>
1 parent acbb4aa commit de15b76

6 files changed

Lines changed: 50 additions & 15 deletions


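--- a/SPECS/sqlite/CVE-2023-7104.patch
+++ b/SPECS/sqlite/CVE-2023-7104.patch
@@ -0,0 +1,31 @@
+diff --git a/sqlite3.c b/sqlite3.c
+index b8f98c7..158d416 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -215603,15 +215603,19 @@ static int sessionReadRecord(
+}
+}
+if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+- sqlite3_int64 v = sessionGetI64(aVal);
+- if( eType==SQLITE_INTEGER ){
+- sqlite3VdbeMemSetInt64(apOut[i], v);
++ if( (pIn->nData-pIn->iNext)<8 ){
++ rc = SQLITE_CORRUPT_BKPT;
+}else{
+- double d;
+- memcpy(&d, &v, 8);
+- sqlite3VdbeMemSetDouble(apOut[i], d);
++ sqlite3_int64 v = sessionGetI64(aVal);
++ if( eType==SQLITE_INTEGER ){
++ sqlite3VdbeMemSetInt64(apOut[i], v);
++ }else{
++ double d;
++ memcpy(&d, &v, 8);
++ sqlite3VdbeMemSetDouble(apOut[i], d);
++ }
++ pIn->iNext += 8;
+}
+- pIn->iNext += 8;
+}
+}
+}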
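Review bot: The patch file opens directly at `diff --git a/sqlite3.c b/sqlite3.c` with no header recording which upstream SQLite check-in it backports, so a later auditor cannot confirm that the new guard `if( (pIn->nData-pIn->iNext)<8 )` matches the upstream fix for CVE-2023-7104. I would add a short comment block above the first `diff --git` line, for example `# Backport of upstream SQLite check-in <UPSTREAM-CHECKIN-ID> (CVE-2023-7104): bounds-check 8-byte integer/float reads in sessionReadRecord()`. The declaration of `aVal` and the start of `sessionReadRecord` are outside the hunk; presumably `aVal` points at `pIn->aData[pIn->iNext]`, which is what makes the remaining-bytes check cover the `sessionGetI64(aVal)` read, and that is worth confirming against the 3.39.2 amalgamation.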

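--- a/SPECS/sqlite/sqlite.spec
+++ b/SPECS/sqlite/sqlite.spec
@@ -2,7 +2,7 @@
 Summary: A portable, high level programming interface to various calling conventions
 Name: sqlite
 Version: 3.39.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Public Domain
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -12,6 +12,7 @@ Source0: https://www.sqlite.org/2022/%{name}-autoconf-%{sourcever}.tar.gz
 # CVE-2015-3717 applies to versions shipped in iOS and OS X
 Patch0: CVE-2015-3717.nopatch
 Patch1: CVE-2022-46908.patch
+Patch2: CVE-2023-7104.patch
 Requires: sqlite-libs = %{version}-%{release}
 Provides: sqlite3
 
@@ -82,6 +83,9 @@ make %{?_smp_mflags} check
 %{_libdir}/libsqlite3.so.0.8.6
 
 %changelog
+* Tue Jan 09 2024 Henry Li <lihl@microsoft.com> - 3.39.2-3
+- Address CVE-2023-7104
+
 * Tue Dec 13 2022 Daniel McIlvaney <damcilva@microsoft.com> - 3.39.2-2
 - Address CVE-2022-46908
 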
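Review bot: `Patch2: CVE-2023-7104.patch` only declares the patch; the `%prep` section that applies it is outside the visible hunks, so confirm Patch2 is really applied there (via `%autosetup -p1`, or an explicit `%patch2 -p1` if patches are listed one by one), otherwise release 3 would ship with the CVE marked fixed in the changelog but the unchecked 8-byte read still in `sqlite3.c`. The patch uses `a/sqlite3.c` paths, so it expects strip level 1 from the tarball root. The new changelog entry could also name the affected code, e.g. `- Address CVE-2023-7104 (bounds check in session extension sessionReadRecord)`, so the entry can be matched to the patch without opening it.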

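--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -84,9 +84,9 @@ bison-3.7.6-2.cm2.aarch64.rpm
 popt-1.18-1.cm2.aarch64.rpm
 popt-devel-1.18-1.cm2.aarch64.rpm
 popt-lang-1.18-1.cm2.aarch64.rpm
-sqlite-3.39.2-2.cm2.aarch64.rpm
-sqlite-devel-3.39.2-2.cm2.aarch64.rpm
-sqlite-libs-3.39.2-2.cm2.aarch64.rpm
+sqlite-3.39.2-3.cm2.aarch64.rpm
+sqlite-devel-3.39.2-3.cm2.aarch64.rpm
+sqlite-libs-3.39.2-3.cm2.aarch64.rpm
 elfutils-0.186-2.cm2.aarch64.rpm
 elfutils-default-yama-scope-0.186-2.cm2.noarch.rpm
 elfutils-devel-0.186-2.cm2.aarch64.rpm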

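--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -84,9 +84,9 @@ bison-3.7.6-2.cm2.x86_64.rpm
 popt-1.18-1.cm2.x86_64.rpm
 popt-devel-1.18-1.cm2.x86_64.rpm
 popt-lang-1.18-1.cm2.x86_64.rpm
-sqlite-3.39.2-2.cm2.x86_64.rpm
-sqlite-devel-3.39.2-2.cm2.x86_64.rpm
-sqlite-libs-3.39.2-2.cm2.x86_64.rpm
+sqlite-3.39.2-3.cm2.x86_64.rpm
+sqlite-devel-3.39.2-3.cm2.x86_64.rpm
+sqlite-libs-3.39.2-3.cm2.x86_64.rpm
 elfutils-0.186-2.cm2.x86_64.rpm
 elfutils-default-yama-scope-0.186-2.cm2.noarch.rpm
 elfutils-devel-0.186-2.cm2.x86_64.rpm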

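--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -548,10 +548,10 @@ sed-lang-4.8-3.cm2.aarch64.rpm
 slang-2.3.2-4.cm2.aarch64.rpm
 slang-debuginfo-2.3.2-4.cm2.aarch64.rpm
 slang-devel-2.3.2-4.cm2.aarch64.rpm
-sqlite-3.39.2-2.cm2.aarch64.rpm
-sqlite-debuginfo-3.39.2-2.cm2.aarch64.rpm
-sqlite-devel-3.39.2-2.cm2.aarch64.rpm
-sqlite-libs-3.39.2-2.cm2.aarch64.rpm
+sqlite-3.39.2-3.cm2.aarch64.rpm
+sqlite-debuginfo-3.39.2-3.cm2.aarch64.rpm
+sqlite-devel-3.39.2-3.cm2.aarch64.rpm
+sqlite-libs-3.39.2-3.cm2.aarch64.rpm
 swig-4.0.2-3.cm2.aarch64.rpm
 swig-debuginfo-4.0.2-3.cm2.aarch64.rpm
 systemd-bootstrap-250.3-12.cm2.aarch64.rpm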

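--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -548,10 +548,10 @@ sed-lang-4.8-3.cm2.x86_64.rpm
 slang-2.3.2-4.cm2.x86_64.rpm
 slang-debuginfo-2.3.2-4.cm2.x86_64.rpm
 slang-devel-2.3.2-4.cm2.x86_64.rpm
-sqlite-3.39.2-2.cm2.x86_64.rpm
-sqlite-debuginfo-3.39.2-2.cm2.x86_64.rpm
-sqlite-devel-3.39.2-2.cm2.x86_64.rpm
-sqlite-libs-3.39.2-2.cm2.x86_64.rpm
+sqlite-3.39.2-3.cm2.x86_64.rpm
+sqlite-debuginfo-3.39.2-3.cm2.x86_64.rpm
+sqlite-devel-3.39.2-3.cm2.x86_64.rpm
+sqlite-libs-3.39.2-3.cm2.x86_64.rpm
 swig-4.0.2-3.cm2.x86_64.rpm
 swig-debuginfo-4.0.2-3.cm2.x86_64.rpm
 systemd-bootstrap-250.3-12.cm2.x86_64.rpm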
