dev-db/libdbi-drivers: fix memory corruption issues w/ sqlite

Backport some memory corruption fixes for sqlite3. Note that I haven't fixed bug #920440 - I have essentially no idea about this package and I'd really prefer someone investigate what it's even trying to do there. Bug: https://bugs.gentoo.org/920440 Closes: https://bugs.gentoo.org/920460 Closes: https://bugs.gentoo.org/933427 Signed-off-by: Sam James <[email protected]>
johu · Jun 12, 2024 · 1c52fc0 · 1c52fc0
1 parent dd6598a
commit 1c52fc0
Show file tree

Hide file tree

Showing 4 changed files with 128 additions and 0 deletions.
diff --git a/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-buffer-overflow-sqlite.patch b/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-buffer-overflow-sqlite.patch
@@ -0,0 +1,14 @@
+https://bugs.gentoo.org/933427
+https://sourceforge.net/p/libdbi-drivers/libdbi-drivers/ci/7657c4c688c021d5f42a38e998c876d1739d5d8f
+--- a/drivers/sqlite3/dbd_sqlite3.c
++++ b/drivers/sqlite3/dbd_sqlite3.c
+@@ -585,7 +585,8 @@
+   unsigned char *temp;
+   size_t len;
+
+-  if ((temp = malloc(from_length*2)) == NULL) {
++  /* allocate an extra byte for NULL and two for the quotes */
++  if ((temp = malloc(2*from_length+1+2)) == NULL) {
+     return 0;
+   }
+
diff --git a/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-c99.patch b/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-c99.patch
@@ -0,0 +1,11 @@
+https://bugs.gentoo.org/920460
+--- a/drivers/firebird/dbd_firebird.c
++++ b/drivers/firebird/dbd_firebird.c
+@@ -43,6 +43,7 @@
+ #include <string.h>
+ #include <time.h>
+ #include <ibase.h>
++#include <ctype.h>
+
+ #include "dbd_firebird.h"
+ #include "firebird_charsets.h"
diff --git a/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-fortify-source-sqlite.patch b/dev-db/libdbi-drivers/files/libdbi-drivers-0.9.0-fortify-source-sqlite.patch
@@ -0,0 +1,13 @@
+https://bugs.gentoo.org/933427
+https://sourceforge.net/p/libdbi-drivers/libdbi-drivers/ci/24f48b86c8988ee3aaebc5f303d71e9d789f77b6/
+--- a/drivers/sqlite3/dbd_sqlite3.c
++++ b/drivers/sqlite3/dbd_sqlite3.c
+@@ -1451,7 +1451,7 @@ static int getTables(char** tables, int
+ 		    break;
+ 		  }
+
+-		  word_lower[item-start+1];
++		  char word_lower[item-start+1];
+ 		  strncpy(word_lower,start,item-start);
+ 		  word_lower[item-start] = '\0';
+ 		  int i = 0;
diff --git a/dev-db/libdbi-drivers/libdbi-drivers-0.9.0-r3.ebuild b/dev-db/libdbi-drivers/libdbi-drivers-0.9.0-r3.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="The libdbi-drivers project maintains drivers for libdbi"
+HOMEPAGE="https://libdbi-drivers.sourceforge.net/"
+SRC_URI="https://downloads.sourceforge.net/project/${PN}/${PN}/${P}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="doc firebird mysql oci8 postgres +sqlite static-libs"
+
+REQUIRED_USE="|| ( mysql postgres sqlite firebird oci8 )"
+RESTRICT="firebird? ( bindist )"
+
+RDEPEND="
+	>=dev-db/libdbi-0.9.0
+	firebird? ( dev-db/firebird )
+	mysql? ( dev-db/mysql-connector-c:= )
+	postgres? ( dev-db/postgresql:* )
+	sqlite? ( dev-db/sqlite:3 )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="doc? ( app-text/openjade )"
+
+DOCS=( AUTHORS ChangeLog NEWS README README.osx TODO )
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.9.0-doc-build-fix.patch
+	"${FILESDIR}"/${PN}-0.9.0-slibtool-libdir.patch
+	"${FILESDIR}"/${PN}-0.9.0-clang16-build-fix.patch
+	"${FILESDIR}"/${PN}-0.9.0-fortify-source-sqlite.patch
+	"${FILESDIR}"/${PN}-0.9.0-buffer-overflow-sqlite.patch
+	"${FILESDIR}"/${PN}-0.9.0-c99.patch
+)
+
+pkg_setup() {
+	use oci8 && [[ -z "${ORACLE_HOME}" ]] && die "\$ORACLE_HOME is not set!"
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	local myconf=""
+	# WARNING: the configure script does NOT work correctly
+	# --without-$driver does NOT work
+	# so do NOT use `use_with...`
+	# Future additions:
+	# msql
+	# freetds
+	# ingres
+	# db2
+	use mysql && myconf+=" --with-mysql"
+	use postgres && myconf+=" --with-pgsql"
+	use sqlite && myconf+=" --with-sqlite3"
+	use firebird && myconf+=" --with-firebird"
+	if use oci8; then
+		[[ -z "${ORACLE_HOME}" ]] && die "\$ORACLE_HOME is not set!"
+		myconf+=" --with-oracle-dir=${ORACLE_HOME} --with-oracle"
+	fi
+
+	econf \
+		$(use_enable doc docs) \
+		$(use_enable static-libs static) \
+		--with-dbi-libdir=/usr/$(get_libdir) \
+		${myconf}
+}
+
+src_test() {
+	if [[ -z "${WANT_INTERACTIVE_TESTS}" ]]; then
+		ewarn "Tests disabled due to interactivity."
+		ewarn "Run with WANT_INTERACTIVE_TESTS=1 if you want them."
+		return 0
+	fi
+	einfo "Running interactive tests"
+	emake check
+}
+
+src_install() {
+	default
+
+	find "${ED}" -name '*.la' -type f -delete || die
+}