From 281ace3ce43eff2733c8796387d20fbe05c069c0 Mon Sep 17 00:00:00 2001
From: wbq_sky
Date: Sat, 27 Nov 2021 14:08:25 +0800
Subject: [PATCH] fix the CVE-2021-36690

Signed-off-by: wbq_sky
---
 0003-CVE-2021-36690.patch | 44 +++++++++++++++++++++++++++++++++++++++
 sqlite.spec | 13 ++++++++----
 2 files changed, 53 insertions(+), 4 deletions(-)
 create mode 100644 0003-CVE-2021-36690.patch

diff --git a/0003-CVE-2021-36690.patch b/0003-CVE-2021-36690.patch
new file mode 100644
index 0000000..db53e16
--- /dev/null
+++ b/0003-CVE-2021-36690.patch
@@ -0,0 +1,44 @@
+diff -rNu a/ext/expert/sqlite3expert.c b/ext/expert/sqlite3expert.c
+--- a/ext/expert/sqlite3expert.c 2021-11-25 09:00:19.267831518 +0800
++++ b/ext/expert/sqlite3expert.c 2021-11-25 09:07:38.551969861 +0800
+@@ -690,11 +690,13 @@
+ rc = idxPrintfPrepareStmt(db, &p1, pzErrmsg, "PRAGMA table_xinfo=%Q", zTab);
+ while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
+ const char *zCol = (const char*)sqlite3_column_text(p1, 1);
++ const char *zColSeq = 0;
+ nByte += 1 + STRLEN(zCol);
+ rc = sqlite3_table_column_metadata(
+- db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
++ db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
+ );
+- nByte += 1 + STRLEN(zCol);
++ if( zColSeq==0 ) zColSeq = "binary";
++ nByte += 1 + STRLEN(zColSeq);
+ nCol++;
+ nPk += (sqlite3_column_int(p1, 5)>0);
+ }
+@@ -714,6 +716,7 @@
+ nCol = 0;
+ while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
+ const char *zCol = (const char*)sqlite3_column_text(p1, 1);
++ const char *zColSeq = 0;
+ int nCopy = STRLEN(zCol) + 1;
+ pNew->aCol[nCol].zName = pCsr;
+ pNew->aCol[nCol].iPk = (sqlite3_column_int(p1, 5)==1 && nPk==1);
+@@ -721,12 +724,13 @@
+ pCsr += nCopy;
+
+ rc = sqlite3_table_column_metadata(
+- db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
++ db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
+ );
+ if( rc==SQLITE_OK ){
+- nCopy = STRLEN(zCol) + 1;
++ if( zColSeq==0 ) zColSeq = "binary";
++ nCopy = STRLEN(zColSeq) + 1;
+ pNew->aCol[nCol].zColl = pCsr;
+- memcpy(pCsr, zCol, nCopy);
++ memcpy(pCsr, zColSeq, nCopy);
+ pCsr += nCopy;
+ }
+
diff --git a/sqlite.spec b/sqlite.spec
index 020758b..d8d6d5d 100644
--- a/sqlite.spec
+++ b/sqlite.spec
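Review bot: `zCol` is still handed to `STRLEN()` in both loops with no NULL check, while the patch only hardens the collation pointer returned through `&zColSeq`. `sqlite3_column_text()` returns NULL for a NULL value or on allocation failure, so if `STRLEN` wraps `strlen` (its definition is outside the hunks) the same kind of NULL dereference remains possible at `nByte += 1 + STRLEN(zCol);` and `int nCopy = STRLEN(zCol) + 1;`. Consider adding `if( zCol==0 ){ rc = SQLITE_ERROR; break; }` after the declarations in each loop, provided the function's existing exit path cleans up on a non-OK `rc`. The enclosing function starts and ends outside these hunks, so that cleanup path could not be checked here.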
@@ -6,17 +6,18 @@ Name: sqlite Version: 3.36.0 -Release: 1 +Release: 2 Summary: Embeded SQL database License: Public Domain URL: http://www.sqlite.org/ -Source0: https://www.sqlite.org/2020/sqlite-src-%{extver}.zip -Source1: http://www.sqlite.org/2020/sqlite-doc-%{extver}.zip -Source2: https://www.sqlite.org/2020/sqlite-autoconf-%{extver}.tar.gz +Source0: https://www.sqlite.org/2021/sqlite-src-%{extver}.zip +Source1: http://www.sqlite.org/2021/sqlite-doc-%{extver}.zip +Source2: https://www.sqlite.org/2021/sqlite-autoconf-%{extver}.tar.gz Patch1: 0001-sqlite-no-malloc-usable-size.patch Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch +Patch3: 0003-CVE-2021-36690.patch BuildRequires: gcc autoconf tcl tcl-devel BuildRequires: ncurses-devel readline-devel glibc-devel @@ -61,6 +62,7 @@ This contains man files and HTML files for the using of sqlite. %setup -q -a1 -n %{name}-src-%{extver} %patch1 -p1 %patch2 -p1 +%patch3 -p1 rm -f %{name}-doc-%{extver}/sqlite.css~ || : @@ -131,6 +133,9 @@ make test %{_mandir}/man*/* %changelog +* Fri Nov 27 2021 wbq_sky - 3.36.0-2 +- fix the CVE-2021-36690. + * Fri Nov 25 2021 wbq_sky - 3.36.0-1 - update to 3.36.0. -- Gitee
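Review bot: `Source1` keeps the plain `http://` scheme on the new side while `Source0` and `Source2` use `https://`; since the line is being rewritten anyway, use `Source1: https://www.sqlite.org/2021/sqlite-doc-%{extver}.zip`. No checksum or signature check for the archives is visible in this hunk, so if any tooling downloads from these URLs the documentation archive would arrive without transport integrity. The unchanged `URL: http://www.sqlite.org/` line could be switched in the same pass.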