Make sure the authenticator does not try to authenticate columns in

subqueries. Ticket #1607. (CVS 2939) FossilOrigin-Name: 55b7dfaf4d3a6d01fffdaf1707e88bcd215d7333
2025-08-08 14:02:16 +03:00 · 2006-01-13 13:55:44 +00:00
parent 327bd59216
commit a3e4d96f5d
4 changed files with 28 additions and 12 deletions
--- a/src/auth.c
+++ b/src/auth.c
@@ -14,7 +14,7 @@
 ** systems that do not need this facility may omit it by recompiling
 ** the library with -DSQLITE_OMIT_AUTHORIZATION=1
 **
-** $Id: auth.c,v 1.23 2006/01/05 11:34:34 danielk1977 Exp $
+** $Id: auth.c,v 1.24 2006/01/13 13:55:45 drh Exp $
 */
 #include "sqliteInt.h"

@@ -118,6 +118,11 @@ void sqlite3AuthRead(
  if( pExpr->op==TK_AS ) return;
  assert( pExpr->op==TK_COLUMN );
  iDb = sqlite3SchemaToIndex(pParse->db, pExpr->pSchema);
+  if( iDb<0 ){
+    /* An attempt to read a column out of a subquery or other
+    ** temporary table. */
+    return;
+  }
  for(iSrc=0; pTabList && iSrc<pTabList->nSrc; iSrc++){
    if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
  }
@@ -142,7 +147,7 @@ void sqlite3AuthRead(
  }else{
    zCol = "ROWID";
  }
-  assert( iDb<db->nDb );
+  assert( iDb>=0 && iDb<db->nDb );
  zDBase = db->aDb[iDb].zName;
  rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase, 
                 pParse->zAuthContext);