Patch libdb for CVE-2020-13435 [Medium] (#12569)

xordux · web-flow · commit f36c8d959462 · 2025-02-26T13:37:33.000+05:30
diff --git a/SPECS/libdb/CVE-2020-13435.patch b/SPECS/libdb/CVE-2020-13435.patch
@@ -0,0 +1,41 @@
+From 716c9cccdc0716b5e8e3cdd3f68fae702f255861 Mon Sep 17 00:00:00 2001
+From: Rohit Rawat <xordux@gmail.com>
+Date: Wed, 19 Feb 2025 16:59:21 +0000
+Subject: [PATCH] CVE-2020-13435
+
+Taken from https://www.sqlite.org/src/info/572105de1d44bca4
+---
+ lang/sql/sqlite/src/expr.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/lang/sql/sqlite/src/expr.c b/lang/sql/sqlite/src/expr.c
+index c0e9ba6..a253446 100644
+--- a/lang/sql/sqlite/src/expr.c
++++ b/lang/sql/sqlite/src/expr.c
+@@ -2280,7 +2280,10 @@ int sqlite3ExprCodeTarget(Parse *pParse, Expr *pExpr, int target){
+   switch( op ){
+     case TK_AGG_COLUMN: {
+       AggInfo *pAggInfo = pExpr->pAggInfo;
+-      struct AggInfo_col *pCol = &pAggInfo->aCol[pExpr->iAgg];
++      struct AggInfo_col *pCol;
++      assert( pAggInfo!=0 );
++      assert( pExpr->iAgg>=0 && pExpr->iAgg<pAggInfo->nColumn );
++      pCol = &pAggInfo->aCol[pExpr->iAgg];
+       if( !pAggInfo->directMode ){
+         assert( pCol->iMem>0 );
+         inReg = pCol->iMem;
+@@ -2514,7 +2517,10 @@ int sqlite3ExprCodeTarget(Parse *pParse, Expr *pExpr, int target){
+     }
+     case TK_AGG_FUNCTION: {
+       AggInfo *pInfo = pExpr->pAggInfo;
+-      if( pInfo==0 ){
++      if( pInfo==0
++       || NEVER(pExpr->iAgg<0)
++       || NEVER(pExpr->iAgg>=pInfo->nFunc)
++      ){
+         assert( !ExprHasProperty(pExpr, EP_IntValue) );
+         sqlite3ErrorMsg(pParse, "misuse of aggregate: %s()", pExpr->u.zToken);
+       }else{
+-- 
+2.40.4
+
diff --git a/SPECS/libdb/libdb.spec b/SPECS/libdb/libdb.spec
@@ -1,14 +1,15 @@
 Summary:        The Berkley DB database library for C
 Name:           libdb
 Version:        5.3.28
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System/Libraries
 URL:            https://oss.oracle.com/berkeley-db.html
 Source0:        http://download.oracle.com/berkeley-db/db-%{version}.tar.gz
 Patch0:         CVE-2019-2708.patch
+Patch1:         CVE-2020-13435.patch
 Obsoletes:      db
 
 %description
@@ -92,6 +93,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_bindir}/db*_tuner
 
 %changelog
+* Fri Feb 21 2025 Rohit Rawat <rohitrawat@microsoft.com> - 5.3.28-9
+- Patch CVE-2020-13435
+
 * Thu May 16 2024 Daniel McIlvaney <damcilva@microsoft.com> - 5.3.28-8
 - Sanitize license files
 
