libdbi-drivers: Add fixes for out-of-bounds write in the sqlite3 driver
While working on the OpenBSC/NITB schema migration I experienced crashes and traced it down to libdbi-drivers. It was possible that a special string quote each character and then adding '"\0' would result in out of bounds write.
This commit is contained in:
parent
507dc57c51
commit
0eafd5637d
|
@ -0,0 +1,17 @@
|
|||
This is a backport of a fix from Holger Freyther to the
|
||||
libdbd sqlite3 driver.
|
||||
|
||||
Index: libdbi-drivers-0.8.3-1/drivers/sqlite3/dbd_sqlite3.c
|
||||
===================================================================
|
||||
--- libdbi-drivers-0.8.3-1.orig/drivers/sqlite3/dbd_sqlite3.c
|
||||
+++ libdbi-drivers-0.8.3-1/drivers/sqlite3/dbd_sqlite3.c
|
||||
@@ -502,7 +502,8 @@ size_t dbd_quote_binary(dbi_conn_t *conn
|
||||
unsigned char *temp;
|
||||
size_t len;
|
||||
|
||||
- if ((temp = malloc(from_length*2)) == NULL) {
|
||||
+ /* allocate an extra byte for NULL and two for the quotes */
|
||||
+ if ((temp = malloc(2*from_length+1+2)) == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -1,6 +1,8 @@
|
|||
require ${PN}.inc
|
||||
|
||||
PR = "${INC_PR}.0"
|
||||
PR = "${INC_PR}.1"
|
||||
|
||||
SRC_URI[md5sum] = "4de79b323162a5a7652b65b608eca6cd"
|
||||
SRC_URI[sha256sum] = "4ab9944398ce769c0deeb64d2f73555c67bc25ccd2ade1ccf552226c7b2acf72"
|
||||
|
||||
SRC_URI += "file://memory-corruption-fixes.patch"
|
||||
|
|
Loading…
Reference in New Issue