From 53a9e04238771376d76b7f939ae700288b303def Mon Sep 17 00:00:00 2001
From: hanqiudan
Date: Sat, 23 Mar 2024 17:31:34 +0800
Subject: [PATCH] [Backport] fix CVE-2024-1013

Offering:EulerOS Server
CVE:CVE-2024-1013
Reference:https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1
Type:CVE
reason:fix CVE-2024-1013
(cherry picked from commit 987166f3a12a4d43d2ee97830931bd747acc1a75)
---
 backport-0001-CVE-2024-1013.patch | 47 +++++++++++++++++++++++++++++++
 unixODBC.spec | 6 +++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 backport-0001-CVE-2024-1013.patch
diff --git a/backport-0001-CVE-2024-1013.patch b/backport-0001-CVE-2024-1013.patch
new file mode 100644
index 0000000..aa5d6f0
--- /dev/null
+++ b/backport-0001-CVE-2024-1013.patch
@@ -0,0 +1,47 @@
+From 42e2713db65f5b1ea4d52ba7832b4b644965d7ee Mon Sep 17 00:00:00 2001
+From: hanqiudan
+Date: Sat, 23 Mar 2024 12:22:38 +0800
+Subject: [PATCH] [Backport] fix CVE-2024-1013
+
+Offering:EulerOS Server
+CVE:CVE-2024-1013
+Reference:https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1
+Type:CVE
+reason:fix CVE-2024-1013
+---
+ Drivers/Postgre7.1/info.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c
+index 63ac91f..2216ecd 100755
+--- a/Drivers/Postgre7.1/info.c
++++ b/Drivers/Postgre7.1/info.c
+@@ -1779,14 +1779,14 @@ char *table_name;
+ char index_name[MAX_INFO_STRING];
+ short fields_vector[8];
+ char isunique[10], isclustered[10];
+-SDWORD index_name_len, fields_vector_len;
++SQLLEN index_name_len, fields_vector_len;
+ TupleNode *row;
+ int i;
+ HSTMT hcol_stmt;
+ StatementClass *col_stmt, *indx_stmt;
+ char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING];
+ char **column_names = 0;
+-Int4 column_name_len;
++SQLLEN column_name_len;
+ int total_columns = 0;
+ char error = TRUE;
+ ConnInfo *ci;
+@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt;
+ StatementClass *tbl_stmt;
+ char tables_query[STD_STATEMENT_LEN];
+ char attname[MAX_INFO_STRING];
+-SDWORD attname_len;
++SQLLEN attname_len;
+ char pktab[MAX_TABLE_LEN + 1];
+ Int2 result_cols;
+
+--
+2.23.0
+
diff --git a/unixODBC.spec b/unixODBC.spec
index 3f615f5..86d3e1d 100644
--- a/unixODBC.spec
+++ b/unixODBC.spec
@@ -1,6 +1,6 @@
 Name: unixODBC
 Version: 2.3.7
-Release: 3
+Release: 3.h1
 Summary: Open-source project that implements the ODBC API
 License: GPLv2+ and LGPLv2+
 URL: http://www.unixODBC.org/
@@ -9,6 +9,7 @@ Source1: odbcinst.ini Patch0000: so-version-bump.patch Patch0001: keep-typedefs.patch Patch0002: fix_leaks.patch +Patch0003: backport-0001-CVE-2024-1013.patch Conflicts: iodbc BuildRequires: automake autoconf libtool libtool-ltdl-devel bison flex readline-devel
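Review bot: The three retyped declarations in the embedded `Drivers/Postgre7.1/info.c` patch (`index_name_len, fields_vector_len` and `column_name_len` in the hunk at 1779, `attname_len` in the hunk at 2136) carry no comment saying why their width matters, and the calls that take their addresses lie outside both hunks, so the fix cannot be confirmed from this patch alone. On LP64 builds `SQLLEN` is 8 bytes while `SDWORD` and `Int4` are 4, so these are presumably length/indicator out-parameters written through an `SQLLEN *`; a one-line comment above each, such as `/* must stay SQLLEN: the bind call stores a full SQLLEN through this pointer */`, would keep a later cleanup from narrowing them again. Before shipping the backport, check the rest of the driver for other `SDWORD`/`Int4` locals handed out as length pointers, and for any format strings or narrowing assignments that still treat these three variables as 32-bit. The enclosing functions begin and end outside the hunks.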
@@ -91,6 +92,9 @@ find doc -name 'Makefile*' | xargs rm %exclude %{_datadir}/libtool %changelog +* Sat Mar 23 2024 hanqiudan - 2.3.7-3.h1 +- fix CVE-2024-1013 + * Mon Nov 8 2021 Haoran Yang - 2.3.7-3 - fix some leaks and eliminate duplicated code -- Gitee