| Fix CVE-2017-13685 |
| |
| The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a |
| denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. |
| |
| Patch taken from Debian: |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873762 |
| |
| Upstream issue: https://sqlite.org/src/info/02f0f4c54f2819b3 |
| |
| Signed-off-by: Baruch Siach <baruch@tkos.co.il> |
| |
| Index: src/shell.c |
| ================================================================== |
| --- src/shell.c |
| +++ src/shell.c |
| @@ -2657,10 +2657,11 @@ |
| int *aiType /* Column types */ |
| ){ |
| int i; |
| ShellState *p = (ShellState*)pArg; |
| |
| + if( azArg==0 ) return 0; |
| switch( p->cMode ){ |
| case MODE_Line: { |
| int w = 5; |
| if( azArg==0 ) break; |
| for(i=0; i<nArg; i++){ |
| @@ -3007,10 +3008,11 @@ |
| */ |
| static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){ |
| ShellText *p = (ShellText*)pArg; |
| int i; |
| UNUSED_PARAMETER(az); |
| + if( azArg==0 ) return 0; |
| if( p->n ) appendText(p, "|", 0); |
| for(i=0; i<nArg; i++){ |
| if( i ) appendText(p, ",", 0); |
| if( azArg[i] ) appendText(p, azArg[i], 0); |
| } |
| @@ -3888,11 +3890,11 @@ |
| const char *zType; |
| const char *zSql; |
| ShellState *p = (ShellState *)pArg; |
| |
| UNUSED_PARAMETER(azNotUsed); |
| - if( nArg!=3 ) return 1; |
| + if( nArg!=3 || azArg==0 ) return 0; |
| zTable = azArg[0]; |
| zType = azArg[1]; |
| zSql = azArg[2]; |
| |
| if( strcmp(zTable, "sqlite_sequence")==0 ){ |
| |
