packages/hibernate3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2019-14900

Browse Source
This commit is contained in:
zhanghua1831 2021-03-19 11:24:36 +08:00
parent 505963ea2b
commit 508eb30e26
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
CVE-2019-14900.patch Normal file
View File

@ -0,0 +1,49 @@
From cacc327ec6af98a53dc986a98a396761ce77dac8 Mon Sep 17 00:00:00 2001
From: zhanghua1831 <zhanghua1831@163.com>
Date: Fri, 19 Mar 2021 09:12:05 +0800
Subject: [PATCH] HHH-14077: CVE-2019-14900 SQL injection issue in
Hibernate ORM
---
.../expression/LiteralExpression.java | 20 +++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/hibernate-entitymanager/src/main/java/org/hibernate/ejb/criteria/expression/LiteralExpression.java b/hibernate-entitymanager/src/main/java/org/hibernate/ejb/criteria/expression/LiteralExpression.java
index bd739b7..0104226 100644
--- a/hibernate-entitymanager/src/main/java/org/hibernate/ejb/criteria/expression/LiteralExpression.java
+++ b/hibernate-entitymanager/src/main/java/org/hibernate/ejb/criteria/expression/LiteralExpression.java
@@ -73,17 +73,25 @@ public class LiteralExpression<T> extends ExpressionImpl<T> implements Serializa
return ':' + parameterName;
}
+ private String escapeLiteral(String literal) {
+ return literal.replace("'", "''");
+ }
+
+ private String inlineLiteral(String literal) {
+ return String.format( "\'%s\'", escapeLiteral( literal) );
+ }
+
@SuppressWarnings({ "unchecked" })
public String renderProjection(CriteriaQueryCompiler.RenderingContext renderingContext) {
+ if ( ValueHandlerFactory.isCharacter( literal ) ) {
+ // In case literal is a Character, pass literal.toString() as the argument.
+ return inlineLiteral( literal.toString() );
+ }
+
// some drivers/servers do not like parameters in the select clause
final ValueHandlerFactory.ValueHandler handler =
ValueHandlerFactory.determineAppropriateHandler( literal.getClass() );
- if ( ValueHandlerFactory.isCharacter( literal ) ) {
- return '\'' + handler.render( literal ) + '\'';
- }
- else {
- return handler.render( literal );
- }
+ return handler.render( literal );
}
@Override
--
2.23.0

6
hibernate3.spec
View File

@ -1,6 +1,6 @@
Name: hibernate3 Name: hibernate3
Version: 3.6.10 Version: 3.6.10
Release: 24 Release: 25
Summary: Inquiry service and persistence of releationship Summary: Inquiry service and persistence of releationship
License: LGPLv2+ License: LGPLv2+
URL: http://www.hibernate.org/ URL: http://www.hibernate.org/
@ -10,6 +10,7 @@ Source0: hibernate-orm-3.6.10.Final.tar.xz
Patch0000: hibernate-orm-fix-jacc-gid-aid.patch Patch0000: hibernate-orm-fix-jacc-gid-aid.patch
Patch0001: hibernate-orm-cglib-3.1.patch Patch0001: hibernate-orm-cglib-3.1.patch
Patch0002: CVE-2020-25638.patch Patch0002: CVE-2020-25638.patch
Patch0003: CVE-2019-14900.patch
BuildArch: noarch BuildArch: noarch
@ -156,6 +157,9 @@ export LANG=en_US.UTF-8
%license lgpl.txt %license lgpl.txt
%changelog %changelog
* Fri Mar 19 2021 zhanghua <zhanghua40@huawei.com> - 3.6.10-25
- fix CVE-2019-14900
* Sat Dec 12 2020 zhangtao <zhangtao221@huawei.com> - 3.6.10-24 * Sat Dec 12 2020 zhangtao <zhangtao221@huawei.com> - 3.6.10-24
- CVE-2020-25638 - CVE-2020-25638