!67 Fix the CVE-2021-20223

From: @wbq_sky Reviewed-by: @bzhaoop Signed-off-by: @bzhaoop
2022-08-31 06:08:34 +00:00 · 2022-08-31 06:08:34 +00:00 · cc09bf633f
commit cc09bf633f
parent 735db3eda2 7bdcab225b
2 changed files with 79 additions and 2 deletions
--- a/0005-CVE-2021-20223.patch
+++ b/0005-CVE-2021-20223.patch
@ -0,0 +1,73 @@
 From 4c5f8ebaf38faa9be7bdacc4fe53e91dc9750a88 Mon Sep 17 00:00:00 2001
 From: wbq_sky <wangbingquan@huawei.com>
 Date: Wed, 31 Aug 2022 10:56:50 +0800
 Subject: [PATCH] Fix CVE-2021-20223 From
 d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001 From: dan
 <dan@noemail.net> Date: Mon, 26 Oct 2020 13:24:36 +0000 Subject: [PATCH]
 Prevent fts5 tokenizer unicode61 from considering '\0' to be  a token
 characters, even if other characters of class "Cc" are.
 FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f
 ---
 ext/fts5/fts5_unicode2.c    |  1 +
 ext/fts5/test/fts5tok1.test | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 diff --git a/ext/fts5/fts5_unicode2.c b/ext/fts5/fts5_unicode2.c
 index 161e8d8..843133e 100644
 --- a/ext/fts5/fts5_unicode2.c
 +++ b/ext/fts5/fts5_unicode2.c
@@ -773,4 +773,5 @@ void sqlite3Fts5UnicodeAscii(u8 *aArray, u8 *aAscii){
     }
     iTbl++;
   }
 +  aAscii[0] = 0;                  /* 0x00 is never a token character */
 }
 diff --git a/ext/fts5/test/fts5tok1.test b/ext/fts5/test/fts5tok1.test
 index a336f11..c605ce3 100644
 --- a/ext/fts5/test/fts5tok1.test
 +++ b/ext/fts5/test/fts5tok1.test
@@ -111,5 +111,40 @@ do_catchsql_test 2.1 {
   SELECT * FROM t4;
 } {1 {SQL logic error}}
 +#-------------------------------------------------------------------------
 +# Embedded 0x00 characters.
 +#
 +reset_db
 +do_execsql_test 3.1.0 {
 +  CREATE VIRTUAL TABLE t1 USING fts5(z);
 +  CREATE VIRTUAL TABLE tt USING fts5vocab(t1, 'instance');
 +  INSERT INTO t1 VALUES('abc' || char(0) || 'def');
 +  SELECT * FROM tt;
 +} { abc 1 z 0 def 1 z 1 }
 +do_execsql_test 3.1.1 {
 +  SELECT hex(z) FROM t1;
 +} {61626300646566}
 +do_execsql_test 3.1.2 {
 +  INSERT INTO t1(t1) VALUES('integrity-check');
 +} {}
 +
 +do_execsql_test 3.2.0 {
 +  CREATE VIRTUAL TABLE t2 USING fts5(z, 
 +      tokenize="unicode61 categories 'L* N* Co Cc'"
 +  );
 +  CREATE VIRTUAL TABLE tu USING fts5vocab(t2, 'instance');
 +
 +  INSERT INTO t2 VALUES('abc' || char(0) || 'def');
 +  SELECT * FROM tu;
 +} { abc 1 z 0 def 1 z 1 }
 +
 +do_execsql_test 3.2.1 {
 +  SELECT hex(z) FROM t1;
 +} {61626300646566}
 +
 +do_execsql_test 3.2.2 {
 +  INSERT INTO t1(t1) VALUES('integrity-check');
 +} {}
 +
 finish_test
 -- 
 2.25.1
--- a/sqlite.spec
+++ b/sqlite.spec
@ -7,7 +7,7 @@
 Name:    sqlite
 Version: 3.32.3
-Release: 4
+Release: 5
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
@ -20,6 +20,7 @@ Patch1: 0001-sqlite-no-malloc-usable-size.patch
 Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
 Patch3: CVE-2021-20227.patch
 Patch4: 0004-CVE-2022-35737.patch
 Patch5: 0005-CVE-2021-20223.patch
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@ -66,7 +67,7 @@ This contains man files and HTML files for the using of sqlite.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-
+%patch5 -p1
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
@ -139,6 +140,9 @@ make test
 %{_mandir}/man*/*
 %changelog
 * Wed Aug 31 2022 wbq_sky<wangbingquan@huawei.com> - 3.32.3-5
 - Fix CVE-2021-20223
 * Tue Aug 16 2022 liusirui<liusirui@huawei.com> - 3.32.3-4
 - Fix CVE-2022-35737