diff options
Diffstat (limited to 'poky/meta/recipes-support/sqlite/files/CVE-2022-46908.patch')
-rw-r--r-- | poky/meta/recipes-support/sqlite/files/CVE-2022-46908.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2022-46908.patch b/poky/meta/recipes-support/sqlite/files/CVE-2022-46908.patch new file mode 100644 index 0000000000..38bd544838 --- /dev/null +++ b/poky/meta/recipes-support/sqlite/files/CVE-2022-46908.patch @@ -0,0 +1,39 @@ +From 1b779afa3ed2f35a110e460fc6ed13cba744db85 2022-12-05 02:52:37 UTC +From: larrybr <larrybr@sqlite.org> +Date: 2022-12-05 02:52:37 UTC +Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs + +Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f. + +Upstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2] +CVE-2022-46908 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + shell.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/shell.c b/shell.c +index d104768..0200c0a 100644 +--- a/shell.c ++++ b/shell.c +@@ -12894,7 +12894,7 @@ static int safeModeAuth( + "zipfile", + "zipfile_cds", + }; +- UNUSED_PARAMETER(zA2); ++ UNUSED_PARAMETER(zA1); + UNUSED_PARAMETER(zA3); + UNUSED_PARAMETER(zA4); + switch( op ){ +@@ -12905,7 +12905,7 @@ static int safeModeAuth( + case SQLITE_FUNCTION: { + int i; + for(i=0; i<ArraySize(azProhibitedFunctions); i++){ +- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){ ++ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){ + failIfSafeMode(p, "cannot use the %s() function in safe mode", + azProhibitedFunctions[i]); + } +-- +2.30.2 + |