5bb45f7194
Detect databases whose schema is corrupted using a CREATE TABLE AS statement and issue an appropriate error message. CVE-2018-8740 will be entered into VuXML when SQLite will make a release, because CVE-2018-8740 says that versions up to and including the current version 3.22.0 are vulnerable. Submitted by: Pavel Volkov <pavelivolkov@gmail.com> (maintainer) Reported by: tj <tj@mrsk.me>
37 lines
1.4 KiB
C
37 lines
1.4 KiB
C
Fix for CVE-2018-8740: https://nvd.nist.gov/vuln/detail/CVE-2018-8740
|
|
Detect databases whose schema is corrupted using a CREATE TABLE AS statement and issue an appropriate error message.
|
|
Commit [d75e6765]: https://www.sqlite.org/src/info/d75e67654aa9620b
|
|
Description: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
|
|
|
|
--- sqlite3.c.orig 2018-03-22 07:08:21 UTC
|
|
+++ sqlite3.c
|
|
@@ -103474,8 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable(
|
|
p = pParse->pNewTable;
|
|
if( p==0 ) return;
|
|
|
|
- assert( !db->init.busy || !pSelect );
|
|
-
|
|
/* If the db->init.busy is 1 it means we are reading the SQL off the
|
|
** "sqlite_master" or "sqlite_temp_master" table on the disk.
|
|
** So do not write to the disk again. Extract the root page number
|
|
@@ -103486,6 +103484,10 @@ SQLITE_PRIVATE void sqlite3EndTable(
|
|
** table itself. So mark it read-only.
|
|
*/
|
|
if( db->init.busy ){
|
|
+ if( pSelect ){
|
|
+ sqlite3ErrorMsg(pParse, "");
|
|
+ return;
|
|
+ }
|
|
p->tnum = db->init.newTnum;
|
|
if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
|
|
}
|
|
@@ -117813,7 +117815,7 @@ static void corruptSchema(
|
|
char *z;
|
|
if( zObj==0 ) zObj = "?";
|
|
z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
|
|
- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
|
|
+ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
|
|
sqlite3DbFree(db, *pData->pzErrMsg);
|
|
*pData->pzErrMsg = z;
|
|
}
|