libdbi-drivers: Add fixes for out-of-bounds write in the sqlite3 driver

While working on the OpenBSC/NITB schema migration I experienced crashes and traced it down to libdbi-drivers. It was possible that a special string quote each character and then adding '"\0' would result in out of bounds write.
2014-04-08 19:43:14 +02:00 · 2014-04-08 19:43:14 +02:00 · 0eafd5637d
parent 507dc57c51
commit 0eafd5637d
2 changed files with 20 additions and 1 deletions
--- a/recipes-misc/libdbi/files/memory-corruption-fixes.patch
+++ b/recipes-misc/libdbi/files/memory-corruption-fixes.patch
@ -0,0 +1,17 @@
+This is a backport of a fix from Holger Freyther to the
+libdbd sqlite3 driver.
+
+Index: libdbi-drivers-0.8.3-1/drivers/sqlite3/dbd_sqlite3.c
+===================================================================
+--- libdbi-drivers-0.8.3-1.orig/drivers/sqlite3/dbd_sqlite3.c
+++ libdbi-drivers-0.8.3-1/drivers/sqlite3/dbd_sqlite3.c
+@@ -502,7 +502,8 @@ size_t dbd_quote_binary(dbi_conn_t *conn
+   unsigned char *temp;
+   size_t len;
+ 
+-  if ((temp = malloc(from_length*2)) == NULL) {
+  /* allocate an extra byte for NULL and two for the quotes */
+  if ((temp = malloc(2*from_length+1+2)) == NULL) {
+     return 0;
+   }
+ 
--- a/recipes-misc/libdbi/libdbi-drivers_0.8.3-1.bb
+++ b/recipes-misc/libdbi/libdbi-drivers_0.8.3-1.bb
@ -1,6 +1,8 @@
 require ${PN}.inc

-PR = "${INC_PR}.0"
+PR = "${INC_PR}.1"

 SRC_URI[md5sum] = "4de79b323162a5a7652b65b608eca6cd"
 SRC_URI[sha256sum] = "4ab9944398ce769c0deeb64d2f73555c67bc25ccd2ade1ccf552226c7b2acf72"
+
+SRC_URI += "file://memory-corruption-fixes.patch"