mirror of
https://github.com/sqlite/sqlite.git
synced 2025-08-07 02:42:48 +03:00
Ensure that the filename passed into the xFullPathname method of the VFS is
acceptable as an argument to sqlite3_uri_parameter(). The interface spec does not guarantee this, but it has been so historically and some applications have come to depends on it. FossilOrigin-Name: bfb09371d452d5d4dacab2ec476880bc729952f44ac0e5de90ea7ba203243c8c
This commit is contained in:
drh
14
manifest
14
manifest
@@ -1,5 +1,5 @@
|
||||
C Update\sthe\sfuzzcheck\stest\smodule\sso\sthat\sit\savoids\sinserting\stext\svalues\nthat\scontain\sembedded\sNULs\sin\sthe\sXSQL\stable.\s\sFix\ssome\slegacy\sentries\sin\nthe\stest/fuzzdata8.db\sthat\shad\sembedded\sNULs.\s\sAdd\sin\snew\sdbsqlfuzz\scases\nthat\shave\saccumulated\sover\son\sthe\sdbsqlfuzz\sproject\sfor\sa\swhile.
|
||||
D 2020-02-25T20:05:58.963
|
||||
C Ensure\sthat\sthe\sfilename\spassed\sinto\sthe\sxFullPathname\smethod\sof\sthe\sVFS\sis\nacceptable\sas\san\sargument\sto\ssqlite3_uri_parameter().\s\sThe\sinterface\sspec\sdoes\nnot\sguarantee\sthis,\sbut\sit\shas\sbeen\sso\shistorically\sand\ssome\sapplications\nhave\scome\sto\sdepends\son\sit.
|
||||
D 2020-02-27T11:32:14.496
|
||||
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
||||
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
||||
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
|
||||
@@ -467,7 +467,7 @@ F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786
|
||||
F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a
|
||||
F src/alter.c f48a4423c8f198d7f1ae4940f74b606707d05384ac79fb219be8e3323af2a2de
|
||||
F src/analyze.c b3ceec3fc052df8a96ca8a8c858d455dc5029ba681b4be98bb5c5a9162cfa58c
|
||||
F src/attach.c fee2f4279474edad2df73f38ff17d8b6b250429c6e9b59a708fb48a090f3ad32
|
||||
F src/attach.c fa5addce233a2bb2dfdefeee3b37000e154c47214d3269cab1bb331416e330db
|
||||
F src/auth.c a3d5bfdba83d25abed1013a8c7a5f204e2e29b0c25242a56bc02bb0c07bf1e06
|
||||
F src/backup.c 5e617c087f1c2d6005c2ec694ce80d6e16bc68d906e1b1c556d7c7c2228b636b
|
||||
F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
|
||||
@@ -495,7 +495,7 @@ F src/in-operator.md 10cd8f4bcd225a32518407c2fb2484089112fd71
|
||||
F src/insert.c 9b487eb4b756a2bab16fa5ba19d207375551f7d0b8da3f4dff769f3035dc6bab
|
||||
F src/legacy.c d7874bc885906868cd51e6c2156698f2754f02d9eee1bae2d687323c3ca8e5aa
|
||||
F src/loadext.c b179df50e6e8bb0c36c149e95d958d49bd8c6c7469e59c01b53d164360bc6c32
|
||||
F src/main.c 42577fa09d195dd0f09d4a3d95158ff7f4a677dc83ccb0d6d7e73ff86c2dc6f1
|
||||
F src/main.c 3dfcf24427d623a095df7fce0d92c3ddf7cfda82298016f2b6b11c93ff94a187
|
||||
F src/malloc.c eaa4dc9602ce28b077f7de2eb275db2be270c5cc56d7fec5466301bd9b80e2f5
|
||||
F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
|
||||
F src/mem1.c c12a42539b1ba105e3707d0e628ad70e611040d8f5e38cf942cee30c867083de
|
||||
@@ -1859,7 +1859,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||
P 40739c793b0e98a3bae296d3a1f74944edcdd4cc33c26b417fde4eaf6f14d062
|
||||
R 02479c6654f151ff7effcb61dc46ff16
|
||||
P 47d4240c4a837e829f593bb2aad7563010838f55345e7a0d8e2ea79462aeeb3c
|
||||
R 2699148e97a51982a1cc661fb8022dcc
|
||||
U drh
|
||||
Z 417d1fe691d03d97f7ec8cbb9d1cf8da
|
||||
Z 98b0045957d1e0558a5ad636c29fbb50
|
||||
|
||||
@@ -1 +1 @@
|
||||
47d4240c4a837e829f593bb2aad7563010838f55345e7a0d8e2ea79462aeeb3c
|
||||
bfb09371d452d5d4dacab2ec476880bc729952f44ac0e5de90ea7ba203243c8c
|
||||
@@ -187,7 +187,7 @@ static void attachFunc(
|
||||
if( rc==SQLITE_OK && pNew->zDbSName==0 ){
|
||||
rc = SQLITE_NOMEM_BKPT;
|
||||
}
|
||||
sqlite3_free( zPath );
|
||||
sqlite3_free_filename( zPath );
|
||||
|
||||
/* If the file was opened successfully, read the schema for the new database.
|
||||
** If this fails, or if opening the file failed, then close the file and
|
||||
|
||||
27
src/main.c
27
src/main.c
@@ -2753,9 +2753,11 @@ int sqlite3_limit(sqlite3 *db, int limitId, int newLimit){
|
||||
**
|
||||
** If successful, SQLITE_OK is returned. In this case *ppVfs is set to point to
|
||||
** the VFS that should be used to open the database file. *pzFile is set to
|
||||
** point to a buffer containing the name of the file to open. It is the
|
||||
** responsibility of the caller to eventually call sqlite3_free() to release
|
||||
** this buffer.
|
||||
** point to a buffer containing the name of the file to open. The value
|
||||
** stored in *pzFile is a database name acceptable to sqlite3_uri_parameter()
|
||||
** and is in the same format as names created using sqlite3_create_filename().
|
||||
** The caller must invoke sqlite3_free_filename() (not sqlite3_free()!) on
|
||||
** the value returned in *pzFile to avoid a memory leak.
|
||||
**
|
||||
** If an error occurs, then an SQLite error code is returned and *pzErrMsg
|
||||
** may be set to point to a buffer containing an English language error
|
||||
@@ -2787,7 +2789,7 @@ int sqlite3ParseUri(
|
||||
int eState; /* Parser state when parsing URI */
|
||||
int iIn; /* Input character index */
|
||||
int iOut = 0; /* Output character index */
|
||||
u64 nByte = nUri+2; /* Bytes of space to allocate */
|
||||
u64 nByte = nUri+8; /* Bytes of space to allocate */
|
||||
|
||||
/* Make sure the SQLITE_OPEN_URI flag is set to indicate to the VFS xOpen
|
||||
** method that there may be extra parameters following the file-name. */
|
||||
@@ -2797,6 +2799,9 @@ int sqlite3ParseUri(
|
||||
zFile = sqlite3_malloc64(nByte);
|
||||
if( !zFile ) return SQLITE_NOMEM_BKPT;
|
||||
|
||||
memset(zFile, 0, 4); /* 4-byte of 0x00 is the start of DB name marker */
|
||||
zFile += 4;
|
||||
|
||||
iIn = 5;
|
||||
#ifdef SQLITE_ALLOW_URI_AUTHORITY
|
||||
if( strncmp(zUri+5, "///", 3)==0 ){
|
||||
@@ -2886,8 +2891,7 @@ int sqlite3ParseUri(
|
||||
zFile[iOut++] = c;
|
||||
}
|
||||
if( eState==1 ) zFile[iOut++] = '\0';
|
||||
zFile[iOut++] = '\0';
|
||||
zFile[iOut++] = '\0';
|
||||
memset(zFile+iOut, 0, 4); /* end-of-options + empty journal filenames */
|
||||
|
||||
/* Check if there were any options specified that should be interpreted
|
||||
** here. Options that are interpreted here include "vfs" and those that
|
||||
@@ -2967,13 +2971,14 @@ int sqlite3ParseUri(
|
||||
}
|
||||
|
||||
}else{
|
||||
zFile = sqlite3_malloc64(nUri+2);
|
||||
zFile = sqlite3_malloc64(nUri+8);
|
||||
if( !zFile ) return SQLITE_NOMEM_BKPT;
|
||||
memset(zFile, 0, 4);
|
||||
zFile += 4;
|
||||
if( nUri ){
|
||||
memcpy(zFile, zUri, nUri);
|
||||
}
|
||||
zFile[nUri] = '\0';
|
||||
zFile[nUri+1] = '\0';
|
||||
memset(zFile+nUri, 0, 4);
|
||||
flags &= ~SQLITE_OPEN_URI;
|
||||
}
|
||||
|
||||
@@ -2984,7 +2989,7 @@ int sqlite3ParseUri(
|
||||
}
|
||||
parse_uri_out:
|
||||
if( rc!=SQLITE_OK ){
|
||||
sqlite3_free(zFile);
|
||||
sqlite3_free_filename(zFile);
|
||||
zFile = 0;
|
||||
}
|
||||
*pFlags = flags;
|
||||
@@ -3391,7 +3396,7 @@ opendb_out:
|
||||
sqlite3GlobalConfig.xSqllog(pArg, db, zFilename, 0);
|
||||
}
|
||||
#endif
|
||||
sqlite3_free(zOpen);
|
||||
sqlite3_free_filename(zOpen);
|
||||
return rc & 0xff;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user