Lubuntu/qt6-base
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update patch for CVE-2023-24607.

Browse Source
This commit is contained in:
Patrick Franz 2023-02-27 20:16:02 +01:00
parent a0f205d795
commit 58fa23c73f
No known key found for this signature in database
GPG Key ID: 9E9F7A603077FE56
2 changed files with 41 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
debian/changelog vendored
View File

@ -1,5 +1,8 @@
qt6-base (6.4.2+dfsg-7) UNRELEASED; urgency=medium qt6-base (6.4.2+dfsg-7) UNRELEASED; urgency=medium
[ Patrick Franz ]
* Update patch for CVE-2023-24607.
-- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Mon, 27 Feb 2023 20:11:33 +0100 -- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Mon, 27 Feb 2023 20:11:33 +0100
qt6-base (6.4.2+dfsg-6) unstable; urgency=medium qt6-base (6.4.2+dfsg-6) unstable; urgency=medium

54
debian/patches/cve-2023-24607.patch vendored
View File

@ -1,13 +1,12 @@
Description: Fix CVE-2023-24607 Description: Fix CVE-2023-24607
CVE-2023-24607 can trigger a DOS with a specifically crafted string, CVE-2023-24607 can trigger a DOS with a specifically crafted string,
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031871. see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031871.
This patch backports both https://codereview.qt-project.org/c/qt/qtbase/+/456007 This patch https://codereview.qt-project.org/c/qt/qtbase/+/456216,
and https://codereview.qt-project.org/c/qt/qtbase/+/457937. https://codereview.qt-project.org/c/qt/qtbase/+/457637 and
https://codereview.qt-project.org/c/qt/qtbase/+/457937
See: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
Forwarded: not-needed Forwarded: not-needed
---
diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
index 386ffccf36..80bf6ad7c0 100644
--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp --- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
@@ -58,23 +58,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray<SQLTCHAR>& input, qsize @@ -58,23 +58,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray<SQLTCHAR>& input, qsize
@ -64,7 +63,30 @@ index 386ffccf36..80bf6ad7c0 100644
result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't. result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't.
return result; return result;
} }
@@ -729,6 +745,14 @@ QChar QODBCDriverPrivate::quoteChar()
--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
@@ -1740,10 +1740,11 @@ bool QODBCResult::exec()
case QMetaType::QString:
if (d->unicode) {
if (bindValueType(i) & QSql::Out) {
- const QByteArray &first = tmpStorage.at(i);
- QVarLengthArray<SQLTCHAR> array;
- array.append((const SQLTCHAR *)first.constData(), first.size());
- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR));
+ const QByteArray &bytes = tmpStorage.at(i);
+ const auto strSize = bytes.size() / sizeof(SQLTCHAR);
+ QVarLengthArray<SQLTCHAR> string(strSize);
+ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR));
+ values[i] = fromSQLTCHAR(string);
}
break;
}
--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
@@ -745,6 +745,14 @@ QChar QODBCDriverPrivate::quoteChar()
return quote; return quote;
} }
@ -79,7 +101,7 @@ index 386ffccf36..80bf6ad7c0 100644
bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts)
{ {
@@ -764,10 +788,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) @@ -780,10 +788,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts)
v = val.toUInt(); v = val.toUInt();
r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0);
} else if (opt.toUpper() == "SQL_ATTR_CURRENT_CATALOG"_L1) { } else if (opt.toUpper() == "SQL_ATTR_CURRENT_CATALOG"_L1) {
@ -91,7 +113,7 @@ index 386ffccf36..80bf6ad7c0 100644
} else if (opt.toUpper() == "SQL_ATTR_METADATA_ID"_L1) { } else if (opt.toUpper() == "SQL_ATTR_METADATA_ID"_L1) {
if (val.toUpper() == "SQL_TRUE"_L1) { if (val.toUpper() == "SQL_TRUE"_L1) {
v = SQL_TRUE; v = SQL_TRUE;
@@ -782,10 +803,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) @@ -798,10 +803,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts)
v = val.toUInt(); v = val.toUInt();
r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0);
} else if (opt.toUpper() == "SQL_ATTR_TRACEFILE"_L1) { } else if (opt.toUpper() == "SQL_ATTR_TRACEFILE"_L1) {
@ -103,7 +125,7 @@ index 386ffccf36..80bf6ad7c0 100644
} else if (opt.toUpper() == "SQL_ATTR_TRACE"_L1) { } else if (opt.toUpper() == "SQL_ATTR_TRACE"_L1) {
if (val.toUpper() == "SQL_OPT_TRACE_OFF"_L1) { if (val.toUpper() == "SQL_OPT_TRACE_OFF"_L1) {
v = SQL_OPT_TRACE_OFF; v = SQL_OPT_TRACE_OFF;
@@ -988,9 +1006,12 @@ bool QODBCResult::reset (const QString& query) @@ -1004,9 +1006,12 @@ bool QODBCResult::reset (const QString& query)
return false; return false;
} }
@ -119,7 +141,7 @@ index 386ffccf36..80bf6ad7c0 100644
if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) {
setLastError(qMakeError(QCoreApplication::translate("QODBCResult", setLastError(qMakeError(QCoreApplication::translate("QODBCResult",
"Unable to execute statement"), QSqlError::StatementError, d)); "Unable to execute statement"), QSqlError::StatementError, d));
@@ -1339,9 +1360,12 @@ bool QODBCResult::prepare(const QString& query) @@ -1355,9 +1360,12 @@ bool QODBCResult::prepare(const QString& query)
return false; return false;
} }
@ -135,7 +157,7 @@ index 386ffccf36..80bf6ad7c0 100644
if (r != SQL_SUCCESS) { if (r != SQL_SUCCESS) {
setLastError(qMakeError(QCoreApplication::translate("QODBCResult", setLastError(qMakeError(QCoreApplication::translate("QODBCResult",
@@ -1369,7 +1393,7 @@ bool QODBCResult::exec() @@ -1385,7 +1393,7 @@ bool QODBCResult::exec()
SQLCloseCursor(d->hStmt); SQLCloseCursor(d->hStmt);
QVariantList &values = boundValues(); QVariantList &values = boundValues();
@ -144,7 +166,7 @@ index 386ffccf36..80bf6ad7c0 100644
QVarLengthArray<SQLLEN, 32> indicators(values.count()); QVarLengthArray<SQLLEN, 32> indicators(values.count());
memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN)); memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN));
@@ -1584,36 +1608,36 @@ bool QODBCResult::exec() @@ -1600,36 +1608,36 @@ bool QODBCResult::exec()
case QMetaType::QString: case QMetaType::QString:
if (d->unicode) { if (d->unicode) {
QByteArray &ba = tmpStorage[i]; QByteArray &ba = tmpStorage[i];
@ -193,7 +215,7 @@ index 386ffccf36..80bf6ad7c0 100644
ba.size(), ba.size(),
ind); ind);
break; break;
@@ -1974,14 +1998,16 @@ bool QODBCDriver::open(const QString & db, @@ -1991,14 +1999,16 @@ bool QODBCDriver::open(const QString & db,
SQLSMALLINT cb; SQLSMALLINT cb;
QVarLengthArray<SQLTCHAR> connOut(1024); QVarLengthArray<SQLTCHAR> connOut(1024);
memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR));
@ -218,7 +240,7 @@ index 386ffccf36..80bf6ad7c0 100644
if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) {
setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d));
@@ -2360,17 +2386,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const @@ -2377,17 +2387,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const
if (tableType.isEmpty()) if (tableType.isEmpty())
return tl; return tl;
@ -244,7 +266,7 @@ index 386ffccf36..80bf6ad7c0 100644
if (r != SQL_SUCCESS) if (r != SQL_SUCCESS)
qSqlWarning("QODBCDriver::tables Unable to execute table list"_L1, d); qSqlWarning("QODBCDriver::tables Unable to execute table list"_L1, d);
@@ -2443,28 +2467,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const @@ -2460,28 +2468,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const
SQL_ATTR_CURSOR_TYPE, SQL_ATTR_CURSOR_TYPE,
(SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY,
SQL_IS_UINTEGER); SQL_IS_UINTEGER);
@ -292,7 +314,7 @@ index 386ffccf36..80bf6ad7c0 100644
if (r != SQL_SUCCESS) { if (r != SQL_SUCCESS) {
qSqlWarning("QODBCDriver::primaryIndex: Unable to execute primary key list"_L1, d); qSqlWarning("QODBCDriver::primaryIndex: Unable to execute primary key list"_L1, d);
@@ -2545,15 +2571,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const @@ -2562,15 +2572,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const
SQL_ATTR_CURSOR_TYPE, SQL_ATTR_CURSOR_TYPE,
(SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY,
SQL_IS_UINTEGER); SQL_IS_UINTEGER);