diff options
| -rw-r--r-- | src/3rdparty/sqlite/patches/0003-Fix-CVE-2019-19603-in-SQLite.patch | 95 | ||||
| -rw-r--r-- | src/3rdparty/sqlite/sqlite3.c | 32 |
2 files changed, 121 insertions, 6 deletions
diff --git a/src/3rdparty/sqlite/patches/0003-Fix-CVE-2019-19603-in-SQLite.patch b/src/3rdparty/sqlite/patches/0003-Fix-CVE-2019-19603-in-SQLite.patch new file mode 100644 index 0000000000..1b8deaa4a1 --- /dev/null +++ b/src/3rdparty/sqlite/patches/0003-Fix-CVE-2019-19603-in-SQLite.patch @@ -0,0 +1,95 @@ +From 11a2f4647b67494fb731a6fd793f1b28074631d3 Mon Sep 17 00:00:00 2001 +From: Andy Shaw <andy.shaw@qt.io> +Date: Thu, 19 Dec 2019 22:31:15 +0100 +Subject: [PATCH] Fix CVE-2019-19603 in SQLite + +This includes the patch needed to fix this CVE and a supporting one to +include a new function added that it depends on. + +Task-number: QTBUG-80903 +Change-Id: Ic7639d50c89a3ee7d45426588c3ab0efd0eebb72 +--- + src/3rdparty/sqlite/sqlite3.c | 32 ++++++++++++++++++++++++++------ + 1 file changed, 26 insertions(+), 6 deletions(-) + +diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c +index d3e0c065b6..a430554db7 100644 +--- a/src/3rdparty/sqlite/sqlite3.c ++++ b/src/3rdparty/sqlite/sqlite3.c +@@ -19519,6 +19519,12 @@ SQLITE_PRIVATE Module *sqlite3VtabCreateModule( + ); + # define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0) + #endif ++SQLITE_PRIVATE int sqlite3ReadOnlyShadowTables(sqlite3 *db); ++#ifndef SQLITE_OMIT_VIRTUALTABLE ++SQLITE_PRIVATE int sqlite3ShadowTableName(sqlite3 *db, const char *zName); ++#else ++# define sqlite3ShadowTableName(A,B) 0 ++#endif + SQLITE_PRIVATE int sqlite3VtabEponymousTableInit(Parse*,Module*); + SQLITE_PRIVATE void sqlite3VtabEponymousTableClear(sqlite3*,Module*); + SQLITE_PRIVATE void sqlite3VtabMakeWritable(Parse*,Table*); +@@ -108483,6 +108489,22 @@ SQLITE_PRIVATE int sqlite3WritableSchema(sqlite3 *db){ + return (db->flags&(SQLITE_WriteSchema|SQLITE_Defensive))==SQLITE_WriteSchema; + } + ++/* ++ ** Return TRUE if shadow tables should be read-only in the current ++ ** context. ++ */ ++int sqlite3ReadOnlyShadowTables(sqlite3 *db){ ++#ifndef SQLITE_OMIT_VIRTUALTABLE ++ if( (db->flags & SQLITE_Defensive)!=0 ++ && db->pVtabCtx==0 ++ && db->nVdbeExec==0 ++ ){ ++ return 1; ++ } ++#endif ++ return 0; ++} ++ + /* + ** This routine is used to check if the UTF-8 string zName is a legal + ** unqualified name for a new schema object (table, index, view or +@@ -108516,8 +108538,8 @@ SQLITE_PRIVATE int sqlite3CheckObjectName( + } + } + }else{ +- if( pParse->nested==0 +- && 0==sqlite3StrNICmp(zName, "sqlite_", 7) ++ if( (pParse->nested==0 && 0==sqlite3StrNICmp(zName, "sqlite_", 7)) ++ || (sqlite3ReadOnlyShadowTables(db) && sqlite3ShadowTableName(db, zName)) + ){ + sqlite3ErrorMsg(pParse, "object name reserved for internal use: %s", + zName); +@@ -109662,7 +109684,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){ + ** zName is temporarily modified while this routine is running, but is + ** restored to its original value prior to this routine returning. + */ +-static int isShadowTableName(sqlite3 *db, char *zName){ ++int sqlite3ShadowTableName(sqlite3 *db, const char *zName){ + char *zTail; /* Pointer to the last "_" in zName */ + Table *pTab; /* Table that zName is a shadow of */ + Module *pMod; /* Module for the virtual table */ +@@ -109680,8 +109702,6 @@ static int isShadowTableName(sqlite3 *db, char *zName){ + if( pMod->pModule->xShadowName==0 ) return 0; + return pMod->pModule->xShadowName(zTail+1); + } +-#else +-# define isShadowTableName(x,y) 0 + #endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */ + + /* +@@ -109723,7 +109743,7 @@ SQLITE_PRIVATE void sqlite3EndTable( + p = pParse->pNewTable; + if( p==0 ) return; + +- if( pSelect==0 && isShadowTableName(db, p->zName) ){ ++ if( pSelect==0 && sqlite3ShadowTableName(db, p->zName) ){ + p->tabFlags |= TF_Shadow; + } + +-- +2.21.0 (Apple Git-122.2) + diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c index d3e0c065b6..a430554db7 100644 --- a/src/3rdparty/sqlite/sqlite3.c +++ b/src/3rdparty/sqlite/sqlite3.c @@ -19519,6 +19519,12 @@ SQLITE_PRIVATE Module *sqlite3VtabCreateModule( ); # define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0) #endif +SQLITE_PRIVATE int sqlite3ReadOnlyShadowTables(sqlite3 *db); +#ifndef SQLITE_OMIT_VIRTUALTABLE +SQLITE_PRIVATE int sqlite3ShadowTableName(sqlite3 *db, const char *zName); +#else +# define sqlite3ShadowTableName(A,B) 0 +#endif SQLITE_PRIVATE int sqlite3VtabEponymousTableInit(Parse*,Module*); SQLITE_PRIVATE void sqlite3VtabEponymousTableClear(sqlite3*,Module*); SQLITE_PRIVATE void sqlite3VtabMakeWritable(Parse*,Table*); @@ -108484,6 +108490,22 @@ SQLITE_PRIVATE int sqlite3WritableSchema(sqlite3 *db){ } /* + ** Return TRUE if shadow tables should be read-only in the current + ** context. + */ +int sqlite3ReadOnlyShadowTables(sqlite3 *db){ +#ifndef SQLITE_OMIT_VIRTUALTABLE + if( (db->flags & SQLITE_Defensive)!=0 + && db->pVtabCtx==0 + && db->nVdbeExec==0 + ){ + return 1; + } +#endif + return 0; +} + +/* ** This routine is used to check if the UTF-8 string zName is a legal ** unqualified name for a new schema object (table, index, view or ** trigger). All names are legal except those that begin with the string @@ -108516,8 +108538,8 @@ SQLITE_PRIVATE int sqlite3CheckObjectName( } } }else{ - if( pParse->nested==0 - && 0==sqlite3StrNICmp(zName, "sqlite_", 7) + if( (pParse->nested==0 && 0==sqlite3StrNICmp(zName, "sqlite_", 7)) + || (sqlite3ReadOnlyShadowTables(db) && sqlite3ShadowTableName(db, zName)) ){ sqlite3ErrorMsg(pParse, "object name reserved for internal use: %s", zName); @@ -109662,7 +109684,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){ ** zName is temporarily modified while this routine is running, but is ** restored to its original value prior to this routine returning. */ -static int isShadowTableName(sqlite3 *db, char *zName){ +int sqlite3ShadowTableName(sqlite3 *db, const char *zName){ char *zTail; /* Pointer to the last "_" in zName */ Table *pTab; /* Table that zName is a shadow of */ Module *pMod; /* Module for the virtual table */ @@ -109680,8 +109702,6 @@ static int isShadowTableName(sqlite3 *db, char *zName){ if( pMod->pModule->xShadowName==0 ) return 0; return pMod->pModule->xShadowName(zTail+1); } -#else -# define isShadowTableName(x,y) 0 #endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */ /* @@ -109723,7 +109743,7 @@ SQLITE_PRIVATE void sqlite3EndTable( p = pParse->pNewTable; if( p==0 ) return; - if( pSelect==0 && isShadowTableName(db, p->zName) ){ + if( pSelect==0 && sqlite3ShadowTableName(db, p->zName) ){ p->tabFlags |= TF_Shadow; } |