!67 Fix the CVE-2021-20223

From: @wbq_sky Reviewed-by: @bzhaoop Signed-off-by: @bzhaoop
2022-08-31 06:08:34 +00:00 · 2022-08-31 06:08:34 +00:00 · cc09bf633f
commit cc09bf633f
parent 735db3eda2 7bdcab225b
2 changed files with 79 additions and 2 deletions
--- a/0005-CVE-2021-20223.patch
+++ b/0005-CVE-2021-20223.patch
@ -0,0 +1,73 @@
+From 4c5f8ebaf38faa9be7bdacc4fe53e91dc9750a88 Mon Sep 17 00:00:00 2001
+From: wbq_sky <wangbingquan@huawei.com>
+Date: Wed, 31 Aug 2022 10:56:50 +0800
+Subject: [PATCH] Fix CVE-2021-20223 From
+ d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001 From: dan
+ <dan@noemail.net> Date: Mon, 26 Oct 2020 13:24:36 +0000 Subject: [PATCH]
+ Prevent fts5 tokenizer unicode61 from considering '\0' to be  a token
+ characters, even if other characters of class "Cc" are.
+
+FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f
+---
+ ext/fts5/fts5_unicode2.c    |  1 +
+ ext/fts5/test/fts5tok1.test | 35 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 36 insertions(+)
+
+diff --git a/ext/fts5/fts5_unicode2.c b/ext/fts5/fts5_unicode2.c
+index 161e8d8..843133e 100644
+--- a/ext/fts5/fts5_unicode2.c
+++ b/ext/fts5/fts5_unicode2.c
+@@ -773,4 +773,5 @@ void sqlite3Fts5UnicodeAscii(u8 *aArray, u8 *aAscii){
+     }
+     iTbl++;
+   }
+  aAscii[0] = 0;                  /* 0x00 is never a token character */
+ }
+diff --git a/ext/fts5/test/fts5tok1.test b/ext/fts5/test/fts5tok1.test
+index a336f11..c605ce3 100644
+--- a/ext/fts5/test/fts5tok1.test
+++ b/ext/fts5/test/fts5tok1.test
+@@ -111,5 +111,40 @@ do_catchsql_test 2.1 {
+   SELECT * FROM t4;
+ } {1 {SQL logic error}}
+ 
+#-------------------------------------------------------------------------
+# Embedded 0x00 characters.
+#
+reset_db
+do_execsql_test 3.1.0 {
+  CREATE VIRTUAL TABLE t1 USING fts5(z);
+  CREATE VIRTUAL TABLE tt USING fts5vocab(t1, 'instance');
+  INSERT INTO t1 VALUES('abc' || char(0) || 'def');
+  SELECT * FROM tt;
+} { abc 1 z 0 def 1 z 1 }
+do_execsql_test 3.1.1 {
+  SELECT hex(z) FROM t1;
+} {61626300646566}
+do_execsql_test 3.1.2 {
+  INSERT INTO t1(t1) VALUES('integrity-check');
+} {}
+
+do_execsql_test 3.2.0 {
+  CREATE VIRTUAL TABLE t2 USING fts5(z, 
+      tokenize="unicode61 categories 'L* N* Co Cc'"
+  );
+  CREATE VIRTUAL TABLE tu USING fts5vocab(t2, 'instance');
+
+  INSERT INTO t2 VALUES('abc' || char(0) || 'def');
+  SELECT * FROM tu;
+} { abc 1 z 0 def 1 z 1 }
+
+do_execsql_test 3.2.1 {
+  SELECT hex(z) FROM t1;
+} {61626300646566}
+
+do_execsql_test 3.2.2 {
+  INSERT INTO t1(t1) VALUES('integrity-check');
+} {}
+
+ 
+ finish_test
+-- 
+2.25.1
+
--- a/sqlite.spec
+++ b/sqlite.spec
@ -7,7 +7,7 @@

 Name:    sqlite
 Version: 3.32.3
-Release: 4
+Release: 5
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
@ -20,6 +20,7 @@ Patch1: 0001-sqlite-no-malloc-usable-size.patch
 Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
 Patch3: CVE-2021-20227.patch
 Patch4: 0004-CVE-2022-35737.patch
+Patch5: 0005-CVE-2021-20223.patch

 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@ -66,7 +67,7 @@ This contains man files and HTML files for the using of sqlite.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-
+%patch5 -p1

 rm -f %{name}-doc-%{extver}/sqlite.css~ || :

@ -139,6 +140,9 @@ make test
 %{_mandir}/man*/*

 %changelog
+* Wed Aug 31 2022 wbq_sky<wangbingquan@huawei.com> - 3.32.3-5
+- Fix CVE-2021-20223
+
 * Tue Aug 16 2022 liusirui<liusirui@huawei.com> - 3.32.3-4
 - Fix CVE-2022-35737