packages/sqlite-jdbc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
sqlite-jdbc/CVE-2023-32697.patch
wk333 34ce86204a Fix CVE-2023-32697
2023-11-06 10:31:26 +08:00

37 lines
1.3 KiB
Diff
Raw Blame History

From edb4b8adc2447bc04e05b9b908195a4bc7926242 Mon Sep 17 00:00:00 2001
From: Gauthier Roebroeck <gauthier.roebroeck@gmail.com>
Date: Fri, 19 May 2023 18:37:29 +0800
Subject: [PATCH] fix: use random UUID for external resources
Refer:
https://github.com/xerial/sqlite-jdbc/commit/edb4b8adc2447bc04e05b9b908195a4bc7926242
---
src/main/java/org/sqlite/core/CoreConnection.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/sqlite/core/CoreConnection.java b/src/main/java/org/sqlite/core/CoreConnection.java
index 026bee4..51c870e 100644
--- a/src/main/java/org/sqlite/core/CoreConnection.java
+++ b/src/main/java/org/sqlite/core/CoreConnection.java
@@ -15,6 +15,7 @@ import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
+import java.util.UUID;
import org.sqlite.date.FastDateFormat;
@@ -238,7 +239,7 @@ public abstract class CoreConnection {
}
String tempFolder = new File(System.getProperty("java.io.tmpdir")).getAbsolutePath();
- String dbFileName = String.format("sqlite-jdbc-tmp-%d.db", resourceAddr.hashCode());
+ String dbFileName = String.format("sqlite-jdbc-tmp-%s.db", UUID.randomUUID());
File dbFile = new File(tempFolder, dbFileName);
if (dbFile.exists()) {
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink