packages/unixODBC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Backport] fix CVE-2024-1013

Browse Source 
Offering:EulerOS Server
CVE:CVE-2024-1013
Reference:45f501e1be
Type:CVE
reason:fix CVE-2024-1013
This commit is contained in:
hanqiudan 2024-03-23 17:31:34 +08:00
parent 0ff8985a0b
commit ac762de92e
2 changed files with 52 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
backport-0001-CVE-2024-1013.patch Normal file
View File

@ -0,0 +1,47 @@
From 42e2713db65f5b1ea4d52ba7832b4b644965d7ee Mon Sep 17 00:00:00 2001
From: hanqiudan <hanqiudan@huawei.com>
Date: Sat, 23 Mar 2024 12:22:38 +0800
Subject: [PATCH] [Backport] fix CVE-2024-1013
Offering:EulerOS Server
CVE:CVE-2024-1013
Reference:https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1
Type:CVE
reason:fix CVE-2024-1013
---
Drivers/Postgre7.1/info.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c
index 63ac91f..2216ecd 100755
--- a/Drivers/Postgre7.1/info.c
+++ b/Drivers/Postgre7.1/info.c
@@ -1779,14 +1779,14 @@ char *table_name;
char index_name[MAX_INFO_STRING];
short fields_vector[8];
char isunique[10], isclustered[10];
-SDWORD index_name_len, fields_vector_len;
+SQLLEN index_name_len, fields_vector_len;
TupleNode *row;
int i;
HSTMT hcol_stmt;
StatementClass *col_stmt, *indx_stmt;
char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING];
char **column_names = 0;
-Int4 column_name_len;
+SQLLEN column_name_len;
int total_columns = 0;
char error = TRUE;
ConnInfo *ci;
@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt;
StatementClass *tbl_stmt;
char tables_query[STD_STATEMENT_LEN];
char attname[MAX_INFO_STRING];
-SDWORD attname_len;
+SQLLEN attname_len;
char pktab[MAX_TABLE_LEN + 1];
Int2 result_cols;
--
2.23.0

6
unixODBC.spec
View File

@ -1,6 +1,6 @@
Name: unixODBC Name: unixODBC
Version: 2.3.7 Version: 2.3.7
Release: 3 Release: 3.h1
Summary: Open-source project that implements the ODBC API Summary: Open-source project that implements the ODBC API
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: http://www.unixODBC.org/ URL: http://www.unixODBC.org/
@ -9,6 +9,7 @@ Source1: odbcinst.ini
Patch0000: so-version-bump.patch Patch0000: so-version-bump.patch
Patch0001: keep-typedefs.patch Patch0001: keep-typedefs.patch
Patch0002: fix_leaks.patch Patch0002: fix_leaks.patch
Patch0003: backport-0001-CVE-2024-1013.patch
Conflicts: iodbc Conflicts: iodbc
BuildRequires: automake autoconf libtool libtool-ltdl-devel bison flex readline-devel BuildRequires: automake autoconf libtool libtool-ltdl-devel bison flex readline-devel
@ -91,6 +92,9 @@ find doc -name 'Makefile*' | xargs rm
%exclude %{_datadir}/libtool %exclude %{_datadir}/libtool
%changelog %changelog
* Sat Mar 23 2024 hanqiudan <hanqiudan@huawei.com> - 2.3.7-3.h1
- fix CVE-2024-1013
* Mon Nov 8 2021 Haoran Yang <yanghaoran7@huawei.com> - 2.3.7-3 * Mon Nov 8 2021 Haoran Yang <yanghaoran7@huawei.com> - 2.3.7-3
- fix some leaks and eliminate duplicated code - fix some leaks and eliminate duplicated code