From a6dddd9bde0844ad453150954571dcf1af8dccbd Mon Sep 17 00:00:00 2001 From: drh Date: Mon, 18 Apr 2016 15:46:14 +0000 Subject: [PATCH 1/6] Remove quotes from identifiers used as datatype names in a CREATE TABLE statement. Fix for ticket [7d7525cb01b68] FossilOrigin-Name: eba27d4d17a76884292667d570d542e580ee3e77 --- manifest | 16 ++++++++-------- manifest.uuid | 2 +- src/build.c | 1 + test/intpkey.test | 11 +++++++++++ test/pragma.test | 4 ++-- 5 files changed, 23 insertions(+), 11 deletions(-) diff --git a/manifest b/manifest index 658ad56d1a..eb27e8449c 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C The\slast\sparameter\sto\spread64()\sand\spwrite64()\sshould\sbe\soff64_t,\snot\soff_t. -D 2016-04-18T13:09:55.691 +C Remove\squotes\sfrom\sidentifiers\sused\sas\sdatatype\snames\sin\sa\sCREATE\sTABLE\nstatement.\s\sFix\sfor\sticket\s[7d7525cb01b68] +D 2016-04-18T15:46:14.499 F Makefile.in eba680121821b8a60940a81454316f47a341487a F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 71b8b16cf9393f68e2e2035486ca104872558836 @@ -322,7 +322,7 @@ F src/btmutex.c bc87dd3b062cc26edfe79918de2200ccb8d41e73 F src/btree.c 3ae6aea66cc4e13d30162ff0d0d43c7088e34abf F src/btree.h a5008b9afe56e8e54ade6c436a910f112defcca9 F src/btreeInt.h c18b7d2a3494695133e4e60ee36061d37f45d9a5 -F src/build.c 1944d95f0250ec72dab939f8319a12e237aaad61 +F src/build.c 42e8ee74dfa3a4b99bfb2c201f8a66ab50688d95 F src/callback.c 2e76147783386374bf01b227f752c81ec872d730 F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e F src/ctime.c 60e135af364d777a9ab41c97e5e89cd224da6198 @@ -845,7 +845,7 @@ F test/insert5.test 394f96728d1258f406fe5f5aeb0aaf29487c39a6 F test/instr.test 737bbf80685232033f3abedc6ae92f75860b5dd2 F test/intarray.test 066b7d7ac38d25bf96f87f1b017bfc687551cdd4 F test/interrupt.test dfe9a67a94b0b2d8f70545ba1a6cca10780d71cc -F test/intpkey.test 70aab09756b9bd3bcb6b0358f971d7bbace46522 +F test/intpkey.test 153b70e32d008f4f4b2dff8daf448a6110b62a9c F test/io.test f95bca1783b01ea7761671560d023360d2dfa4cc F test/ioerr.test 2a24bd6ed5a8b062e64bfe1f6cf94fb25e92210d F test/ioerr2.test 2593563599e2cc6b6b4fcf5878b177bdd5d8df26 @@ -976,7 +976,7 @@ F test/pcache.test c8acbedd3b6fd0f9a7ca887a83b11d24a007972b F test/pcache2.test af7f3deb1a819f77a6d0d81534e97d1cf62cd442 F test/percentile.test 4243af26b8f3f4555abe166f723715a1f74c77ff F test/permutations.test cd1fa041074ed08eeaa563e4d1bacb0c69337ec1 -F test/pragma.test afbf028be1c35b68f57db8eb015c4a3c59d8f28e +F test/pragma.test dd5313eee9c6d9d4726593a68ede8768d3b50ccc F test/pragma2.test e5d5c176360c321344249354c0c16aec46214c9f F test/pragma3.test 3f1984a04657331f838df5c519b443c2088df922 F test/printf.test b3ff34e73d59124140eaf89f7672e21bc2ca5fcc @@ -1482,7 +1482,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 3e217d6265ecd16db783bed7ce1d9d0f9c4828bb -R 436b9ab5479b24882bf9b5114230dd45 +P 3a7d72986fabe9434ff5bd02c93169314f072b23 +R 761e3cafabae5f2f003bf21bdc2befe8 U drh -Z ed45643e1c73eeadd299c981e6f9488a +Z 8a9e64fdc933327d2408de0f01f55efc diff --git a/manifest.uuid b/manifest.uuid index 9d96c70fe9..540eda5836 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -3a7d72986fabe9434ff5bd02c93169314f072b23 \ No newline at end of file +eba27d4d17a76884292667d570d542e580ee3e77 \ No newline at end of file diff --git a/src/build.c b/src/build.c index 3d93d8b761..c7541bc9d8 100644 --- a/src/build.c +++ b/src/build.c @@ -1086,6 +1086,7 @@ void sqlite3AddColumn(Parse *pParse, Token *pName, Token *pType){ zType = z + sqlite3Strlen30(z) + 1; memcpy(zType, pType->z, pType->n); zType[pType->n] = 0; + sqlite3Dequote(zType); pCol->affinity = sqlite3AffinityType(zType, &pCol->szEst); pCol->colFlags |= COLFLAG_HASTYPE; } diff --git a/test/intpkey.test b/test/intpkey.test index a149f43fb2..c6be5418aa 100644 --- a/test/intpkey.test +++ b/test/intpkey.test @@ -604,5 +604,16 @@ do_test intpkey-15.7 { } } {} +# 2016-04-18 ticket https://www.sqlite.org/src/tktview/7d7525cb01b68712495d3a +# Be sure to escape quoted typenames. +# +do_execsql_test intpkey-16.0 { + CREATE TABLE t16a(id "INTEGER" PRIMARY KEY AUTOINCREMENT, b [TEXT], c `INT`); +} {} +do_execsql_test intpkey-16.1 { + PRAGMA table_info=t16a; +} {0 id INTEGER 0 {} 1 1 b TEXT 0 {} 0 2 c INT 0 {} 0} + + finish_test diff --git a/test/pragma.test b/test/pragma.test index acbe74599e..e3f6f8cb0f 100644 --- a/test/pragma.test +++ b/test/pragma.test @@ -628,10 +628,10 @@ ifcapable tempdb&&attach { } do_test pragma-6.2 { execsql { - CREATE TABLE t2(a,b,c); + CREATE TABLE t2(a TYPE_X, b [TYPE_Y], c "TYPE_Z"); pragma table_info(t2) } -} {0 a {} 0 {} 0 1 b {} 0 {} 0 2 c {} 0 {} 0} +} {0 a TYPE_X 0 {} 0 1 b TYPE_Y 0 {} 0 2 c TYPE_Z 0 {} 0} do_test pragma-6.2.1 { execsql { pragma table_info; From 1a55dedf7ba312cc357fdfa669b14323693b6b90 Mon Sep 17 00:00:00 2001 From: drh Date: Wed, 20 Apr 2016 00:30:05 +0000 Subject: [PATCH 2/6] API Change: Modify sqlite3_enable_load_extension() so that it only enables/disables the load_extension() SQL function, and leaves the C-APIs enabled at all times. In this way, applications can enable extension loading for the C interface without having to expose that capability to the SQL. FossilOrigin-Name: edb454e45ae008e051e2f48d704a855b0c3e4be9 --- manifest | 17 ++++++++++------- manifest.uuid | 2 +- src/func.c | 8 ++++++++ src/loadext.c | 15 --------------- 4 files changed, 19 insertions(+), 23 deletions(-) diff --git a/manifest b/manifest index eb27e8449c..154ad7c55d 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Remove\squotes\sfrom\sidentifiers\sused\sas\sdatatype\snames\sin\sa\sCREATE\sTABLE\nstatement.\s\sFix\sfor\sticket\s[7d7525cb01b68] -D 2016-04-18T15:46:14.499 +C API\sChange:\sModify\ssqlite3_enable_load_extension()\sso\sthat\sit\sonly\nenables/disables\sthe\sload_extension()\sSQL\sfunction,\sand\sleaves\sthe\sC-APIs\nenabled\sat\sall\stimes.\s\sIn\sthis\sway,\sapplications\scan\senable\sextension\sloading\nfor\sthe\sC\sinterface\swithout\shaving\sto\sexpose\sthat\scapability\sto\sthe\sSQL. +D 2016-04-20T00:30:05.107 F Makefile.in eba680121821b8a60940a81454316f47a341487a F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 71b8b16cf9393f68e2e2035486ca104872558836 @@ -332,14 +332,14 @@ F src/delete.c 78eb999114ec04fcf1b7d123ccedb4b5b734930e F src/expr.c 17d4e745ef6a3fd2e4ef863f5f9a4912f1ba1198 F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb F src/fkey.c 4c0bd09e602b8ae8d36d81e31e4872d0b53c87bb -F src/func.c 552d300265aed09eea21f68ac742a440550c0062 +F src/func.c 2105701329de3fc2bf47c4153181d412f9f1531c F src/global.c c45ea22aff29334f6a9ec549235ac3357c970015 F src/hash.c 4263fbc955f26c2e8cdc0cf214bc42435aa4e4f5 F src/hash.h c8f3c31722cf3277d03713909761e152a5b81094 F src/hwtime.h d32741c8f4df852c7d959236615444e2b1063b08 F src/insert.c 8f4e9fcbd8e95e85f15647ba8b413b18d556ec2b F src/legacy.c 75d3023be8f0d2b99d60f905090341a03358c58e -F src/loadext.c e70f8f9e97624a232870ea5486e682c813ac3002 +F src/loadext.c 3f74ec102096acc2e33379c8379fced14b66858a F src/main.c 5ac9dccc03faadd6f867f67b9018ff41eeeadb46 F src/malloc.c 1443d1ad95d67c21d77af7ae3f44678252f0efec F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645 @@ -1482,7 +1482,10 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 3a7d72986fabe9434ff5bd02c93169314f072b23 -R 761e3cafabae5f2f003bf21bdc2befe8 +P eba27d4d17a76884292667d570d542e580ee3e77 +R 9873f5bcb700ee71f0df5e53b0b9f6e3 +T *branch * load-ext-security +T *sym-load-ext-security * +T -sym-trunk * U drh -Z 8a9e64fdc933327d2408de0f01f55efc +Z 9467a7a3e92ef67650d6a6e01e05bbf1 diff --git a/manifest.uuid b/manifest.uuid index 540eda5836..6aaf8e7765 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -eba27d4d17a76884292667d570d542e580ee3e77 \ No newline at end of file +edb454e45ae008e051e2f48d704a855b0c3e4be9 \ No newline at end of file diff --git a/src/func.c b/src/func.c index 662a08f504..17ca7ab9a8 100644 --- a/src/func.c +++ b/src/func.c @@ -1386,6 +1386,14 @@ static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){ sqlite3 *db = sqlite3_context_db_handle(context); char *zErrMsg = 0; + /* Disallow the load_extension function unless the SQLITE_LoadExtension + ** flag is set. See the sqlite3_enable_load_extension() API. + */ + if( (db->flags & SQLITE_LoadExtension)==0 ){ + sqlite3_result_error(context, "not authorized", -1); + return; + } + if( argc==2 ){ zProc = (const char *)sqlite3_value_text(argv[1]); }else{ diff --git a/src/loadext.c b/src/loadext.c index 495001e55a..7be43cb86d 100644 --- a/src/loadext.c +++ b/src/loadext.c @@ -460,22 +460,7 @@ static int sqlite3LoadExtension( if( pzErrMsg ) *pzErrMsg = 0; - - /* Ticket #1863. To avoid a creating security problems for older - ** applications that relink against newer versions of SQLite, the - ** ability to run load_extension is turned off by default. One - ** must call sqlite3_enable_load_extension() to turn on extension - ** loading. Otherwise you get the following error. - */ - if( (db->flags & SQLITE_LoadExtension)==0 ){ - if( pzErrMsg ){ - *pzErrMsg = sqlite3_mprintf("not authorized"); - } - return SQLITE_ERROR; - } - zEntry = zProc ? zProc : "sqlite3_extension_init"; - handle = sqlite3OsDlOpen(pVfs, zFile); #if SQLITE_OS_UNIX || SQLITE_OS_WIN for(ii=0; ii Date: Wed, 20 Apr 2016 18:31:27 +0000 Subject: [PATCH 3/6] Fix a locking race condition in Windows 10 that can occur when two or more processes attempt to recover the same hot journal at the same time. FossilOrigin-Name: 38a4e9d92887898b779493c71e4500f777a4e2e7 --- manifest | 12 ++++++------ manifest.uuid | 2 +- src/os_win.c | 5 ++--- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/manifest b/manifest index eb27e8449c..0271d96ed6 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Remove\squotes\sfrom\sidentifiers\sused\sas\sdatatype\snames\sin\sa\sCREATE\sTABLE\nstatement.\s\sFix\sfor\sticket\s[7d7525cb01b68] -D 2016-04-18T15:46:14.499 +C Fix\sa\slocking\srace\scondition\sin\sWindows\s10\sthat\scan\soccur\swhen\stwo\sor\smore\nprocesses\sattempt\sto\srecover\sthe\ssame\shot\sjournal\sat\sthe\ssame\stime. +D 2016-04-20T18:31:27.150 F Makefile.in eba680121821b8a60940a81454316f47a341487a F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 71b8b16cf9393f68e2e2035486ca104872558836 @@ -360,7 +360,7 @@ F src/os.h 8e976e59eb4ca1c0fca6d35ee803e38951cb0343 F src/os_common.h b2f4707a603e36811d9b1a13278bffd757857b85 F src/os_setup.h c9d4553b5aaa6f73391448b265b89bed0b890faa F src/os_unix.c d0b41a47eb5f0dc00e423a1723aadeab0e78c85f -F src/os_win.c b169437dff859e308b3726594094a2f8ca922941 +F src/os_win.c 1997a873bfc8296a701bd8e2df8c3d5da5afe956 F src/os_win.h eb7a47aa17b26b77eb97e4823f20a00b8bda12ca F src/pager.c 38718a019ca762ba4f6795425d5a54db70d1790d F src/pager.h 329bdf078a4e0a3b35084534d58625d21fd03681 @@ -1482,7 +1482,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 3a7d72986fabe9434ff5bd02c93169314f072b23 -R 761e3cafabae5f2f003bf21bdc2befe8 +P eba27d4d17a76884292667d570d542e580ee3e77 +R 91e3493cbc66272eab1ca1f4455591b7 U drh -Z 8a9e64fdc933327d2408de0f01f55efc +Z f74379d7acb8dab3d54fff08dd9ef3d2 diff --git a/manifest.uuid b/manifest.uuid index 540eda5836..b7ae2958b9 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -eba27d4d17a76884292667d570d542e580ee3e77 \ No newline at end of file +38a4e9d92887898b779493c71e4500f777a4e2e7 \ No newline at end of file diff --git a/src/os_win.c b/src/os_win.c index 929ad346cc..1f26463453 100644 --- a/src/os_win.c +++ b/src/os_win.c @@ -3169,9 +3169,8 @@ static int winLock(sqlite3_file *id, int locktype){ ** the PENDING_LOCK byte is temporary. */ newLocktype = pFile->locktype; - if( (pFile->locktype==NO_LOCK) - || ( (locktype==EXCLUSIVE_LOCK) - && (pFile->locktype==RESERVED_LOCK)) + if( pFile->locktype==NO_LOCK + || (locktype==EXCLUSIVE_LOCK && pFile->locktype<=RESERVED_LOCK) ){ int cnt = 3; while( cnt-->0 && (res = winLockFile(&pFile->h, SQLITE_LOCKFILE_FLAGS, From cdce61e133e58112db4377123380de20e37cfc83 Mon Sep 17 00:00:00 2001 From: drh Date: Wed, 20 Apr 2016 19:30:47 +0000 Subject: [PATCH 4/6] When an error occurs while transitioning out of WAL mode, make sure the locking state is not left at EXCLUSIVE. FossilOrigin-Name: 3340f086510b08ce5b42a8781f1df51bf7c27701 --- manifest | 12 ++++++------ manifest.uuid | 2 +- src/pager.c | 1 + 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/manifest b/manifest index 0271d96ed6..3b102ff170 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\slocking\srace\scondition\sin\sWindows\s10\sthat\scan\soccur\swhen\stwo\sor\smore\nprocesses\sattempt\sto\srecover\sthe\ssame\shot\sjournal\sat\sthe\ssame\stime. -D 2016-04-20T18:31:27.150 +C When\san\serror\soccurs\swhile\stransitioning\sout\sof\sWAL\smode,\smake\ssure\sthe\nlocking\sstate\sis\snot\sleft\sat\sEXCLUSIVE. +D 2016-04-20T19:30:47.222 F Makefile.in eba680121821b8a60940a81454316f47a341487a F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 71b8b16cf9393f68e2e2035486ca104872558836 @@ -362,7 +362,7 @@ F src/os_setup.h c9d4553b5aaa6f73391448b265b89bed0b890faa F src/os_unix.c d0b41a47eb5f0dc00e423a1723aadeab0e78c85f F src/os_win.c 1997a873bfc8296a701bd8e2df8c3d5da5afe956 F src/os_win.h eb7a47aa17b26b77eb97e4823f20a00b8bda12ca -F src/pager.c 38718a019ca762ba4f6795425d5a54db70d1790d +F src/pager.c d20fa46d5beda38095be6070dd4c59e502817c72 F src/pager.h 329bdf078a4e0a3b35084534d58625d21fd03681 F src/parse.y 10eb2f3fb62341291528c7984498054731f9d31e F src/pcache.c 647bb53a86b7bbcf55ad88089b3ea5a9170b90df @@ -1482,7 +1482,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P eba27d4d17a76884292667d570d542e580ee3e77 -R 91e3493cbc66272eab1ca1f4455591b7 +P 38a4e9d92887898b779493c71e4500f777a4e2e7 +R d900f17deba1f548d837d30ffbaf8602 U drh -Z f74379d7acb8dab3d54fff08dd9ef3d2 +Z 44c6d07231ede184477737327be6aaec diff --git a/manifest.uuid b/manifest.uuid index b7ae2958b9..14e0ef795f 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -38a4e9d92887898b779493c71e4500f777a4e2e7 \ No newline at end of file +3340f086510b08ce5b42a8781f1df51bf7c27701 \ No newline at end of file diff --git a/src/pager.c b/src/pager.c index c18b3a32f7..2015808089 100644 --- a/src/pager.c +++ b/src/pager.c @@ -7311,6 +7311,7 @@ int sqlite3PagerCloseWal(Pager *pPager){ pPager->pageSize, (u8*)pPager->pTmpSpace); pPager->pWal = 0; pagerFixMaplimit(pPager); + if( rc && !pPager->exclusiveMode ) pagerUnlockDb(pPager, SHARED_LOCK); } } return rc; From 191dd06195817f9bf0b4250a28dddd97e9622762 Mon Sep 17 00:00:00 2001 From: drh Date: Thu, 21 Apr 2016 01:30:09 +0000 Subject: [PATCH 5/6] Revert sqlite3_enable_load_extension() to its original long-standing behavior. Add SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION which will enable only the C-API and leave the SQL function disabled. FossilOrigin-Name: b2ae5bfa32e608625bd177907596df3dbc2212e1 --- manifest | 25 +++++++++++-------------- manifest.uuid | 2 +- src/func.c | 7 ++----- src/loadext.c | 20 ++++++++++++++++++-- src/main.c | 1 + src/sqlite.h.in | 40 +++++++++++++++++++++++++++++++++++++++- src/sqliteInt.h | 15 ++++++++------- src/test1.c | 1 + 8 files changed, 81 insertions(+), 30 deletions(-) diff --git a/manifest b/manifest index 154ad7c55d..a06de3ef6e 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C API\sChange:\sModify\ssqlite3_enable_load_extension()\sso\sthat\sit\sonly\nenables/disables\sthe\sload_extension()\sSQL\sfunction,\sand\sleaves\sthe\sC-APIs\nenabled\sat\sall\stimes.\s\sIn\sthis\sway,\sapplications\scan\senable\sextension\sloading\nfor\sthe\sC\sinterface\swithout\shaving\sto\sexpose\sthat\scapability\sto\sthe\sSQL. -D 2016-04-20T00:30:05.107 +C Revert\ssqlite3_enable_load_extension()\sto\sits\soriginal\slong-standing\sbehavior.\nAdd\sSQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION\swhich\swill\senable\sonly\sthe\sC-API\sand\nleave\sthe\sSQL\sfunction\sdisabled. +D 2016-04-21T01:30:09.828 F Makefile.in eba680121821b8a60940a81454316f47a341487a F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 71b8b16cf9393f68e2e2035486ca104872558836 @@ -332,15 +332,15 @@ F src/delete.c 78eb999114ec04fcf1b7d123ccedb4b5b734930e F src/expr.c 17d4e745ef6a3fd2e4ef863f5f9a4912f1ba1198 F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb F src/fkey.c 4c0bd09e602b8ae8d36d81e31e4872d0b53c87bb -F src/func.c 2105701329de3fc2bf47c4153181d412f9f1531c +F src/func.c b61726e7a1b8f41464d8391d0f2d8a6be1a45281 F src/global.c c45ea22aff29334f6a9ec549235ac3357c970015 F src/hash.c 4263fbc955f26c2e8cdc0cf214bc42435aa4e4f5 F src/hash.h c8f3c31722cf3277d03713909761e152a5b81094 F src/hwtime.h d32741c8f4df852c7d959236615444e2b1063b08 F src/insert.c 8f4e9fcbd8e95e85f15647ba8b413b18d556ec2b F src/legacy.c 75d3023be8f0d2b99d60f905090341a03358c58e -F src/loadext.c 3f74ec102096acc2e33379c8379fced14b66858a -F src/main.c 5ac9dccc03faadd6f867f67b9018ff41eeeadb46 +F src/loadext.c 8b3a73f0624c5f7cadbd5cb89940783bee1d39a6 +F src/main.c 405d13e3a4f7c5add9fb27702ae70ed0a6e32cca F src/malloc.c 1443d1ad95d67c21d77af7ae3f44678252f0efec F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645 F src/mem1.c 6919bcf12f221868ea066eec27e579fed95ce98b @@ -377,15 +377,15 @@ F src/resolve.c b8f7174e5f8c33c44ded3a25a973d0bb89228c20 F src/rowset.c 9fe4b3ad7cc00944386bb600233d8f523de07a6e F src/select.c 30217121bdf6b587462150b8ee9e1467f7a6036b F src/shell.c 14ff7f660530a52b117d110ba3390b7b2eb719b6 -F src/sqlite.h.in 64eb70a3b309751bebf73a5552a51244f68f0ea5 +F src/sqlite.h.in 9984129d86243424b765fcb3f147c697bd20bb54 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 F src/sqlite3ext.h 98f72cbfe00169c39089115427d06ea05fe4b4a2 -F src/sqliteInt.h 49cd2b5cd07cca7c462608540cb6dfa8ab03ba89 +F src/sqliteInt.h ec538389481a3d093f07fb344c5a9dc988042304 F src/sqliteLimit.h c0373387c287c8d0932510b5547ecde31b5da247 F src/status.c 70912d7be68e9e2dbc4010c93d344af61d4c59ba F src/table.c 5226df15ab9179b9ed558d89575ea0ce37b03fc9 F src/tclsqlite.c 9c4c4589d078de37813ded708d8838b338ffb060 -F src/test1.c 457c601302b8a0f5960dffd17b6a2877603841dd +F src/test1.c abc10e3e81258835aeb59616685d7369ba99ad1e F src/test2.c 5586f43fcd9a1be0830793cf9d354082c261b25b F src/test3.c a8887dabbbee3059af338f20d290084a63ed1b0f F src/test4.c d168f83cc78d02e8d35567bb5630e40dcd85ac1e @@ -1482,10 +1482,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P eba27d4d17a76884292667d570d542e580ee3e77 -R 9873f5bcb700ee71f0df5e53b0b9f6e3 -T *branch * load-ext-security -T *sym-load-ext-security * -T -sym-trunk * +P edb454e45ae008e051e2f48d704a855b0c3e4be9 +R 1ffd5268513054a5c042ef7eabb85336 U drh -Z 9467a7a3e92ef67650d6a6e01e05bbf1 +Z 6cdb5487d5064dce1cac61ac30e9bbbf diff --git a/manifest.uuid b/manifest.uuid index 6aaf8e7765..5c2ea41ae7 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -edb454e45ae008e051e2f48d704a855b0c3e4be9 \ No newline at end of file +b2ae5bfa32e608625bd177907596df3dbc2212e1 \ No newline at end of file diff --git a/src/func.c b/src/func.c index 17ca7ab9a8..651591d8c8 100644 --- a/src/func.c +++ b/src/func.c @@ -1386,13 +1386,10 @@ static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){ sqlite3 *db = sqlite3_context_db_handle(context); char *zErrMsg = 0; - /* Disallow the load_extension function unless the SQLITE_LoadExtension + /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc ** flag is set. See the sqlite3_enable_load_extension() API. */ - if( (db->flags & SQLITE_LoadExtension)==0 ){ - sqlite3_result_error(context, "not authorized", -1); - return; - } + if( (db->flags & SQLITE_LoadExtFunc)==0 ) return; if( argc==2 ){ zProc = (const char *)sqlite3_value_text(argv[1]); diff --git a/src/loadext.c b/src/loadext.c index 7be43cb86d..f881d99710 100644 --- a/src/loadext.c +++ b/src/loadext.c @@ -460,7 +460,23 @@ static int sqlite3LoadExtension( if( pzErrMsg ) *pzErrMsg = 0; + + /* Ticket #1863. To avoid a creating security problems for older + ** applications that relink against newer versions of SQLite, the + ** ability to run load_extension is turned off by default. One + ** must call either sqlite3_enable_load_extension(db) or + ** sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION, 1, 0) + ** to turn on extension loading. + */ + if( (db->flags & SQLITE_LoadExtension)==0 ){ + if( pzErrMsg ){ + *pzErrMsg = sqlite3_mprintf("not authorized"); + } + return SQLITE_ERROR; + } + zEntry = zProc ? zProc : "sqlite3_extension_init"; + handle = sqlite3OsDlOpen(pVfs, zFile); #if SQLITE_OS_UNIX || SQLITE_OS_WIN for(ii=0; iimutex); if( onoff ){ - db->flags |= SQLITE_LoadExtension; + db->flags |= SQLITE_LoadExtension|SQLITE_LoadExtFunc; }else{ - db->flags &= ~SQLITE_LoadExtension; + db->flags &= ~(SQLITE_LoadExtension|SQLITE_LoadExtFunc); } sqlite3_mutex_leave(db->mutex); return SQLITE_OK; diff --git a/src/main.c b/src/main.c index 9f773667af..30370f8cab 100644 --- a/src/main.c +++ b/src/main.c @@ -804,6 +804,7 @@ int sqlite3_db_config(sqlite3 *db, int op, ...){ { SQLITE_DBCONFIG_ENABLE_FKEY, SQLITE_ForeignKeys }, { SQLITE_DBCONFIG_ENABLE_TRIGGER, SQLITE_EnableTrigger }, { SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER, SQLITE_Fts3Tokenizer }, + { SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION, SQLITE_LoadExtension }, }; unsigned int i; rc = SQLITE_ERROR; /* IMP: R-42790-23372 */ diff --git a/src/sqlite.h.in b/src/sqlite.h.in index d50d826b41..795236f587 100644 --- a/src/sqlite.h.in +++ b/src/sqlite.h.in @@ -1932,12 +1932,30 @@ struct sqlite3_mem_methods { ** following this call. The second parameter may be a NULL pointer, in ** which case the new setting is not reported back. ** +**
SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION
+**
^This option is used to enable or disable the [sqlite3_load_extension()] +** interface independently of the [load_extension()] SQL function. +** The [sqlite3_enable_load_extension()] API enables or disables both the +** C-API [sqlite3_load_extension()] and the SQL function [load_extension()]. +** There should be two additional arguments. +** When the first argument to this interface is 1, then only the C-API is +** enabled and the SQL function remains disabled. If the first argment to +** this interface is 0, then both the C-API and the SQL function are disabled. +** If the first argument is -1, then no changes are made to state of either the +** C-API or the SQL function. +** The second parameter is a pointer to an integer into which +** is written 0 or 1 to indicate whether [sqlite3_load_extension()] interface +** is disabled or enabled following this call. The second parameter may +** be a NULL pointer, in which case the new setting is not reported back. +**
+** ** */ #define SQLITE_DBCONFIG_LOOKASIDE 1001 /* void* int int */ #define SQLITE_DBCONFIG_ENABLE_FKEY 1002 /* int int* */ #define SQLITE_DBCONFIG_ENABLE_TRIGGER 1003 /* int int* */ #define SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER 1004 /* int int* */ +#define SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1005 /* int int* */ /* @@ -5474,9 +5492,18 @@ int sqlite3_table_column_metadata( ** should free this memory by calling [sqlite3_free()]. ** ** ^Extension loading must be enabled using -** [sqlite3_enable_load_extension()] prior to calling this API, +** [sqlite3_enable_load_extension()] or +** [sqlite3_db_config](db,[SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION],1,NULL) +** prior to calling this API, ** otherwise an error will be returned. ** +** Security warning: It is recommended that the +** [SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION] method be used to enable only this +** interface. The use of the [sqlite3_enable_load_extension()] interface +** should be avoided. This will keep the SQL function [load_extension()] +** disabled and prevent SQL injections from giving attackers +** access to extension loading capabilities. +** ** See also the [load_extension() SQL function]. */ int sqlite3_load_extension( @@ -5499,6 +5526,17 @@ int sqlite3_load_extension( ** ^Call the sqlite3_enable_load_extension() routine with onoff==1 ** to turn extension loading on and call it with onoff==0 to turn ** it back off again. +** +** ^This interface enables or disables both the C-API +** [sqlite3_load_extension()] and the SQL function [load_extension()]. +** Use [sqlite3_db_config](db,[SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION],..) +** to enable or disable only the C-API. +** +** Security warning: It is recommended that extension loading +** be disabled using the [SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION] method +** rather than this interface, so the [load_extension()] SQL function +** remains disabled. This will prevent SQL injections from giving attackers +** access to extension loading capabilities. */ int sqlite3_enable_load_extension(sqlite3 *db, int onoff); diff --git a/src/sqliteInt.h b/src/sqliteInt.h index fe7203b8e1..7bb15d0bf5 100644 --- a/src/sqliteInt.h +++ b/src/sqliteInt.h @@ -1382,13 +1382,14 @@ struct sqlite3 { #define SQLITE_AutoIndex 0x00100000 /* Enable automatic indexes */ #define SQLITE_PreferBuiltin 0x00200000 /* Preference to built-in funcs */ #define SQLITE_LoadExtension 0x00400000 /* Enable load_extension */ -#define SQLITE_EnableTrigger 0x00800000 /* True to enable triggers */ -#define SQLITE_DeferFKs 0x01000000 /* Defer all FK constraints */ -#define SQLITE_QueryOnly 0x02000000 /* Disable database changes */ -#define SQLITE_VdbeEQP 0x04000000 /* Debug EXPLAIN QUERY PLAN */ -#define SQLITE_Vacuum 0x08000000 /* Currently in a VACUUM */ -#define SQLITE_CellSizeCk 0x10000000 /* Check btree cell sizes on load */ -#define SQLITE_Fts3Tokenizer 0x20000000 /* Enable fts3_tokenizer(2) */ +#define SQLITE_LoadExtFunc 0x00800000 /* Enable load_extension() SQL func */ +#define SQLITE_EnableTrigger 0x01000000 /* True to enable triggers */ +#define SQLITE_DeferFKs 0x02000000 /* Defer all FK constraints */ +#define SQLITE_QueryOnly 0x04000000 /* Disable database changes */ +#define SQLITE_VdbeEQP 0x08000000 /* Debug EXPLAIN QUERY PLAN */ +#define SQLITE_Vacuum 0x10000000 /* Currently in a VACUUM */ +#define SQLITE_CellSizeCk 0x20000000 /* Check btree cell sizes on load */ +#define SQLITE_Fts3Tokenizer 0x40000000 /* Enable fts3_tokenizer(2) */ /* diff --git a/src/test1.c b/src/test1.c index 0c5af822c9..5478a72549 100644 --- a/src/test1.c +++ b/src/test1.c @@ -6988,6 +6988,7 @@ static int test_sqlite3_db_config( { "FKEY", SQLITE_DBCONFIG_ENABLE_FKEY }, { "TRIGGER", SQLITE_DBCONFIG_ENABLE_TRIGGER }, { "FTS3_TOKENIZER", SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER }, + { "LOAD_EXTENSION", SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION }, }; int i; int v; From f602a1612338718d8b20bfc7d5467fb46b4cb228 Mon Sep 17 00:00:00 2001 From: drh Date: Thu, 21 Apr 2016 01:58:21 +0000 Subject: [PATCH 6/6] Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. FossilOrigin-Name: debafa5efd37ac60e030d0963ce8e7c4f51a0f10 --- manifest | 14 +++++++------- manifest.uuid | 2 +- src/func.c | 5 ++++- test/loadext.test | 12 +++++++++++- 4 files changed, 23 insertions(+), 10 deletions(-) diff --git a/manifest b/manifest index a06de3ef6e..05c486ec05 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Revert\ssqlite3_enable_load_extension()\sto\sits\soriginal\slong-standing\sbehavior.\nAdd\sSQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION\swhich\swill\senable\sonly\sthe\sC-API\sand\nleave\sthe\sSQL\sfunction\sdisabled. -D 2016-04-21T01:30:09.828 +C Test\scases\sfor\sSQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. +D 2016-04-21T01:58:21.573 F Makefile.in eba680121821b8a60940a81454316f47a341487a F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 71b8b16cf9393f68e2e2035486ca104872558836 @@ -332,7 +332,7 @@ F src/delete.c 78eb999114ec04fcf1b7d123ccedb4b5b734930e F src/expr.c 17d4e745ef6a3fd2e4ef863f5f9a4912f1ba1198 F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb F src/fkey.c 4c0bd09e602b8ae8d36d81e31e4872d0b53c87bb -F src/func.c b61726e7a1b8f41464d8391d0f2d8a6be1a45281 +F src/func.c ef4c18c8a66143413ce41a58d582d2c14ddf78e1 F src/global.c c45ea22aff29334f6a9ec549235ac3357c970015 F src/hash.c 4263fbc955f26c2e8cdc0cf214bc42435aa4e4f5 F src/hash.h c8f3c31722cf3277d03713909761e152a5b81094 @@ -875,7 +875,7 @@ F test/like.test 81632c437a947bf1f7130b19537da6a1a844806a F test/like2.test 3b2ee13149ba4a8a60b59756f4e5d345573852da F test/like3.test 3608a2042b6f922f900fbfd5d3ce4e7eca57f7c4 F test/limit.test 0c99a27a87b14c646a9d583c7c89fd06c352663e -F test/loadext.test 648cb95f324d1775c54a55c12271b2d1156b633b +F test/loadext.test 42a3b8166dfcadcb0e0c8710dc520d97c31a8b98 F test/loadext2.test 0408380b57adca04004247179837a18e866a74f7 F test/lock.test b984ab9034e7389be0d863fe4e64cbbc4d2028f5 F test/lock2.test 5242d8ac4e2d59c403aebff606af449b455aceff @@ -1482,7 +1482,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P edb454e45ae008e051e2f48d704a855b0c3e4be9 -R 1ffd5268513054a5c042ef7eabb85336 +P b2ae5bfa32e608625bd177907596df3dbc2212e1 +R 142ad50676c76bf1cd4debbac256d360 U drh -Z 6cdb5487d5064dce1cac61ac30e9bbbf +Z d6546b0e1c5ecba4524ffa3ce100a1b6 diff --git a/manifest.uuid b/manifest.uuid index 5c2ea41ae7..7305430aec 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -b2ae5bfa32e608625bd177907596df3dbc2212e1 \ No newline at end of file +debafa5efd37ac60e030d0963ce8e7c4f51a0f10 \ No newline at end of file diff --git a/src/func.c b/src/func.c index 651591d8c8..4feedc7440 100644 --- a/src/func.c +++ b/src/func.c @@ -1389,7 +1389,10 @@ static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){ /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc ** flag is set. See the sqlite3_enable_load_extension() API. */ - if( (db->flags & SQLITE_LoadExtFunc)==0 ) return; + if( (db->flags & SQLITE_LoadExtFunc)==0 ){ + sqlite3_result_error(context, "not authorized", -1); + return; + } if( argc==2 ){ zProc = (const char *)sqlite3_value_text(argv[1]); diff --git a/test/loadext.test b/test/loadext.test index 7ba4c0cf77..e6ba21e187 100644 --- a/test/loadext.test +++ b/test/loadext.test @@ -111,7 +111,7 @@ do_test loadext-1.2 { # do_test loadext-1.3 { sqlite3 db2 test.db - sqlite3_enable_load_extension db2 1 + sqlite3_db_config db2 SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1 catchsql { SELECT half(1.0); } db2 @@ -256,6 +256,7 @@ do_test loadext-4.2 { } } {0 {{}}} +# disable all extension loading do_test loadext-4.3 { sqlite3_enable_load_extension db 0 catchsql { @@ -263,6 +264,15 @@ do_test loadext-4.3 { } } {1 {not authorized}} +# enable C-api extension loading only. Show that the SQL function +# still does not work. +do_test loadext-4.4 { + sqlite3_db_config db SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1 + catchsql { + SELECT load_extension($::testextension,'testloadext_init') + } +} {1 {not authorized}} + source $testdir/malloc_common.tcl