Add the SQLITE_DBCONFIG_DEFENSIVE flag.
FossilOrigin-Name: af3f29d49359af2291b1d9e06e0db76fd000fbd24b4ac84d2668a0d1322efd83
29
manifest
29
manifest
@@ -1,5 +1,5 @@
|
||||
C Fix\sa\sassert()\sin\sthe\squery\splanner\sthat\scan\sarise\swhen\sdoing\srow-value\noperations\son\sa\sPRIMARY\sKEY\sthat\scontains\sduplicate\scolumns.\nTicket\s[1a84668dcfdebaf12415d].
|
||||
D 2018-11-03T13:11:24.271
|
||||
C Add\sthe\sSQLITE_DBCONFIG_DEFENSIVE\sflag.
|
||||
D 2018-11-03T16:09:59.962
|
||||
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
||||
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
||||
F Makefile.in edbb6e20bb1decf65f6c64c9e61004a69bdf8afb39cdce5337c916b03dfcd1e3
|
||||
@@ -445,17 +445,17 @@ F src/auth.c 0fac71038875693a937e506bceb492c5f136dd7b1249fbd4ae70b4e8da14f9df
|
||||
F src/backup.c 78d3cecfbe28230a3a9a1793e2ead609f469be43e8f486ca996006be551857ab
|
||||
F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
|
||||
F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
|
||||
F src/btree.c 75ec3352656834ed096af95410610e7e7f16e1cdb65b0876bad49387b01d21b3
|
||||
F src/btree.c 41ab526796e7f3cc6e4c6d096c90ad35f0d3d1fe65964dcc0c4fddbbc7ad349d
|
||||
F src/btree.h febb2e817be499570b7a2e32a9bbb4b607a9234f6b84bb9ae84916d4806e96f2
|
||||
F src/btreeInt.h 620ab4c7235f43572cf3ac2ac8723cbdf68073be4d29da24897c7b77dda5fd96
|
||||
F src/build.c 792a3246e8d080f631cb697e28f2da2ef21fa9f83a5476548f1ee4175d11cfaf
|
||||
F src/build.c f5d49f97ab567b99fcc7ef8512cf0e61a662ba442a5d1fa8273edbc7575b92d4
|
||||
F src/callback.c 789bd33d188146f66c0dd8306472a72d1c05f71924b24a91caf6bd45cf9aba73
|
||||
F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e
|
||||
F src/ctime.c 109e58d00f62e8e71ee1eb5944ac18b90171c928ab2e082e058056e1137cc20b
|
||||
F src/date.c ebe1dc7c8a347117bb02570f1a931c62dd78f4a2b1b516f4837d45b7d6426957
|
||||
F src/dbpage.c 4aa7f26198934dbd002e69418220eae3dbc71b010bbac32bd78faf86b52ce6c3
|
||||
F src/dbpage.c ada9bc6964bb68e4c128df70cb0938faaa214e1a0e1d730ea6b13c5e1fde9a45
|
||||
F src/dbstat.c e042b0e7833fdacf2d5ea92c6b536962fea6aeed8b7287ca87ddfa3412bd9564
|
||||
F src/delete.c 107e28d3ef8bd72fd11953374ca9107cd74e8b09c3ded076a6048742d26ce7d2
|
||||
F src/delete.c 2ddd40f4b04647e85e4e8665e552b96971cd0026f7e6431ac9c1ce249d1d9161
|
||||
F src/expr.c 9aacc0b72348ba90010b672dcbbbe2fa56e1182043bc917a3a147b2bc57a5497
|
||||
F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
|
||||
F src/fkey.c 972a4ba14296bef2303a0abbad1e3d82bc3c61f9e6ce4e8e9528bdee68748812
|
||||
@@ -468,7 +468,7 @@ F src/in-operator.md 10cd8f4bcd225a32518407c2fb2484089112fd71
|
||||
F src/insert.c 6b81aae27b196925d8ff78824f4bbd435d6a40cd38dc324685e21735bb402109
|
||||
F src/legacy.c 134ab3e3fae00a0f67a5187981d6935b24b337bcf0f4b3e5c9fa5763da95bf4e
|
||||
F src/loadext.c 448eab53ecdb566a1259ee2d45ebff9c0bc4a2cf393774488775c33e4fbe89bf
|
||||
F src/main.c 6275ece0699a957c4709a7ebe29476f132adbe459d18a6b497e234e4669abf91
|
||||
F src/main.c 03204aa22720654f0bc128b6d25626a89f9faca17e10ffdf738036d5453b13b3
|
||||
F src/malloc.c 07295435093ce354c6d9063ac05a2eeae28bd251d2e63c48b3d67c12c76f7e18
|
||||
F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
|
||||
F src/mem1.c c12a42539b1ba105e3707d0e628ad70e611040d8f5e38cf942cee30c867083de
|
||||
@@ -505,11 +505,11 @@ F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384
|
||||
F src/resolve.c bc8c79e56439b111e7d9415e44940951f7087e9466c3a9d664558ef0faf31073
|
||||
F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93
|
||||
F src/select.c 61e867a906f140b73baf4ce7a201ad6dcba30820969f5618ee40e9a0d32c6f5f
|
||||
F src/shell.c.in f5a89e43e1b3255fcc274f5185595f547199757e0c59e3ea938af9676e9557d4
|
||||
F src/sqlite.h.in 4f95d6f484ce247fa7cbb7382641d40919cfe9c3bf8091bc462638c7bac4efea
|
||||
F src/shell.c.in 060ccc327959bdc85c895015eb382017fd0cd000ebd47b7e8dda42f8aab0b66f
|
||||
F src/sqlite.h.in 1383b2fbce61bd3634caeafb2513205326a297e988ea749d4f6dec7da7a281c9
|
||||
F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
|
||||
F src/sqlite3ext.h 960f1b86c3610fa23cb6a267572a97dcf286e77aa0dd3b9b23292ffaa1ea8683
|
||||
F src/sqliteInt.h 66ec6304f4eeae77483e13399bb389c60b37764250ac415cd0bac068a8336866
|
||||
F src/sqliteInt.h 16a6fe6475b4452dc7250afb40303f7cc3065024bab7ef412a9284247aac281c
|
||||
F src/sqliteLimit.h 1513bfb7b20378aa0041e7022d04acb73525de35b80b252f1b83fedb4de6a76b
|
||||
F src/status.c 46e7aec11f79dad50965a5ca5fa9de009f7d6bde08be2156f1538a0a296d4d0e
|
||||
F src/table.c b46ad567748f24a326d9de40e5b9659f96ffff34
|
||||
@@ -1775,7 +1775,10 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||
P 1fa74930ab56171e2e840d4a5b259abafb0ad1e0320fc3030066570a6dd10002
|
||||
R 707185102d60512231af7b837ac929dd
|
||||
P dcb8c73594ea6b12bad98dc883a585d3e6b925c2ead267dc40332b3d266db5e8
|
||||
R 70fb126ec78ede93e02159f3b0e08576
|
||||
T *branch * dbconfig-defensive
|
||||
T *sym-dbconfig-defensive *
|
||||
T -sym-trunk *
|
||||
U drh
|
||||
Z 05c1146263aa5b30b6bada73e8bbc541
|
||||
Z 063598bbdddb8e4a121c6e32c0dbaf4a
|
||||
|
@@ -1 +1 @@
|
||||
dcb8c73594ea6b12bad98dc883a585d3e6b925c2ead267dc40332b3d266db5e8
|
||||
af3f29d49359af2291b1d9e06e0db76fd000fbd24b4ac84d2668a0d1322efd83
|
@@ -3112,7 +3112,9 @@ static int lockBtree(BtShared *pBt){
|
||||
pageSize-usableSize);
|
||||
return rc;
|
||||
}
|
||||
if( (pBt->db->flags & SQLITE_WriteSchema)==0 && nPage>nPageFile ){
|
||||
if( (pBt->db->flags & (SQLITE_WriteSchema|SQLITE_Defensive))==0
|
||||
&& nPage>nPageFile
|
||||
){
|
||||
rc = SQLITE_CORRUPT_BKPT;
|
||||
goto page1_init_failed;
|
||||
}
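Review bot: The new test `(pBt->db->flags & (SQLITE_WriteSchema|SQLITE_Defensive))==0` in lockBtree() is false whenever SQLITE_Defensive is set, so enabling the defensive flag skips the `nPage>nPageFile` corruption check just as writable_schema does, instead of forcing it. The same mask appears in sqlite3CheckObjectName() (build.c hunk) and sqlite3IsReadOnly() (delete.c hunk), where a defensive connection would be allowed to create `sqlite_`-prefixed objects and modify TF_Readonly tables; that contradicts the sqlite.h.in text saying the flag disables writable_schema. The guard should apply unless writable_schema is on and defensive is off, e.g. `(pBt->db->flags & (SQLITE_WriteSchema|SQLITE_Defensive))!=SQLITE_WriteSchema`, ideally behind one shared helper so the three sites cannot drift apart. lockBtree's body starts and ends outside the hunk.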
|
||||
|
@@ -806,7 +806,7 @@ int sqlite3TwoPartName(
|
||||
*/
|
||||
int sqlite3CheckObjectName(Parse *pParse, const char *zName){
|
||||
if( !pParse->db->init.busy && pParse->nested==0
|
||||
&& (pParse->db->flags & SQLITE_WriteSchema)==0
|
||||
&& (pParse->db->flags & (SQLITE_WriteSchema|SQLITE_Defensive))==0
|
||||
&& 0==sqlite3StrNICmp(zName, "sqlite_", 7) ){
|
||||
sqlite3ErrorMsg(pParse, "object name reserved for internal use: %s", zName);
|
||||
return SQLITE_ERROR;
|
||||
|
@@ -313,6 +313,10 @@ static int dbpageUpdate(
|
||||
Pager *pPager;
|
||||
int szPage;
|
||||
|
||||
if( pTab->db->flags & SQLITE_Defensive ){
|
||||
zErr = "read-only";
|
||||
goto update_fail;
|
||||
}
|
||||
if( argc==1 ){
|
||||
zErr = "cannot delete";
|
||||
goto update_fail;
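Review bot: The `"read-only"` message set in dbpageUpdate() when SQLITE_Defensive is on does not say that the refusal comes from the defensive flag, so a rejected sqlite_dbpage write is hard to tell apart from a genuinely read-only database when triaging. A more specific string such as `zErr = "read-only (defensive mode)";` together with a one-line comment, `/* SQLITE_DBCONFIG_DEFENSIVE forbids raw page writes */`, would make the intent clear. The check is placed before the `argc==1` test, so it appears to cover the delete form as well; dbpageUpdate's body starts and ends outside the hunk, so the remaining paths are not visible here.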
|
||||
|
@@ -63,7 +63,7 @@ int sqlite3IsReadOnly(Parse *pParse, Table *pTab, int viewOk){
|
||||
if( ( IsVirtual(pTab)
|
||||
&& sqlite3GetVTable(pParse->db, pTab)->pMod->pModule->xUpdate==0 )
|
||||
|| ( (pTab->tabFlags & TF_Readonly)!=0
|
||||
&& (pParse->db->flags & SQLITE_WriteSchema)==0
|
||||
&& (pParse->db->flags & (SQLITE_WriteSchema|SQLITE_Defensive))==0
|
||||
&& pParse->nested==0 )
|
||||
){
|
||||
sqlite3ErrorMsg(pParse, "table %s may not be modified", pTab->zName);
|
||||
|
@@ -835,6 +835,7 @@ int sqlite3_db_config(sqlite3 *db, int op, ...){
|
||||
{ SQLITE_DBCONFIG_ENABLE_QPSG, SQLITE_EnableQPSG },
|
||||
{ SQLITE_DBCONFIG_TRIGGER_EQP, SQLITE_TriggerEQP },
|
||||
{ SQLITE_DBCONFIG_RESET_DATABASE, SQLITE_ResetDatabase },
|
||||
{ SQLITE_DBCONFIG_DEFENSIVE, SQLITE_Defensive },
|
||||
};
|
||||
unsigned int i;
|
||||
rc = SQLITE_ERROR; /* IMP: R-42790-23372 */
|
||||
|
@@ -5956,6 +5956,7 @@ static int do_meta_command(char *zLine, ShellState *p){
|
||||
{ "enable_qpsg", SQLITE_DBCONFIG_ENABLE_QPSG },
|
||||
{ "trigger_eqp", SQLITE_DBCONFIG_TRIGGER_EQP },
|
||||
{ "reset_database", SQLITE_DBCONFIG_RESET_DATABASE },
|
||||
{ "defensive", SQLITE_DBCONFIG_DEFENSIVE },
|
||||
};
|
||||
int ii, v;
|
||||
open_db(p, 0);
|
||||
|
@@ -2158,6 +2158,29 @@ struct sqlite3_mem_methods {
|
||||
** Because resetting a database is destructive and irreversible, the
|
||||
** process requires the use of this obscure API and multiple steps to help
|
||||
** ensure that it does not happen by accident.
|
||||
**
|
||||
** <dt>SQLITE_DBCONFIG_DEFENSIVE</dt>
|
||||
** <dd>The SQLITE_DBCONFIG_DEFENSIVE option actives or deactivates the
|
||||
** "defensive" flag for a database connection. When the defensive
|
||||
** flag is enabled, some obscure features of SQLite are disabled in order
|
||||
** to reduce the attack surface. Applications that run untrusted SQL
|
||||
** can activate this flag to reduce the risk of zero-day exploits.
|
||||
** <p>
|
||||
** Features disabled by the defensive flag include:
|
||||
** <ul>
|
||||
** <li>The [PRAGMA writable_schema=ON] statement.
|
||||
** <li>Writes to the [sqlite_dbpage] virtual table.
|
||||
** </ul>
|
||||
** New restrictions may be added in future releases.
|
||||
** <p>
|
||||
** To be clear: It should never be possible for hostile SQL to cause
|
||||
** arbitrary memory reads, memory leaks, buffer overflows, assertion
|
||||
** faults, arbitrary code execution, crashes, or other mischief, regardless
|
||||
** of the value of the defensive flag. Any occurrance of these problems
|
||||
** is considered a serious bug and will be fixed promptly. It is not
|
||||
** necessary to enable the defensive flag in order to make SQLite secure
|
||||
** against attack. The defensive flag merely provides an additional layer
|
||||
** of defense against unknown vulnerabilities.
|
||||
** </dd>
|
||||
** </dl>
|
||||
*/
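Review bot: There are two typos in the new SQLITE_DBCONFIG_DEFENSIVE text: `actives` should be `activates` and `occurrance` should be `occurrence`. The list of disabled features would also be clearer if it said what happens when writable_schema is already ON at the moment the defensive flag is enabled, since the text only mentions the PRAGMA statement; which behaviour is intended cannot be told from this hunk. The comment block starts outside the hunk.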
|
||||
@@ -2171,7 +2194,8 @@ struct sqlite3_mem_methods {
|
||||
#define SQLITE_DBCONFIG_ENABLE_QPSG 1007 /* int int* */
|
||||
#define SQLITE_DBCONFIG_TRIGGER_EQP 1008 /* int int* */
|
||||
#define SQLITE_DBCONFIG_RESET_DATABASE 1009 /* int int* */
|
||||
#define SQLITE_DBCONFIG_MAX 1009 /* Largest DBCONFIG */
|
||||
#define SQLITE_DBCONFIG_DEFENSIVE 1010 /* int int* */
|
||||
#define SQLITE_DBCONFIG_MAX 1010 /* Largest DBCONFIG */
|
||||
|
||||
/*
|
||||
** CAPI3REF: Enable Or Disable Extended Result Codes
|
||||
|
@@ -1540,6 +1540,7 @@ struct sqlite3 {
|
||||
#define SQLITE_ResetDatabase 0x02000000 /* Reset the database */
|
||||
#define SQLITE_LegacyAlter 0x04000000 /* Legacy ALTER TABLE behaviour */
|
||||
#define SQLITE_NoSchemaError 0x08000000 /* Do not report schema parse errors*/
|
||||
#define SQLITE_Defensive 0x10000000 /* Input SQL is likely hostile */
|
||||
|
||||
/* Flags used only if debugging */
|
||||
#define HI(X) ((u64)(X)<<32)
|
||||
|