diff --git a/manifest b/manifest index d1c49637ab..a48d5812b2 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Reinstate\stest\scases\sfor\sthe\slimit\stests.\s\sThe\ssqlite3_limit()\sAPI\sis\snow\ntested\sand\sworking.\s(CVS\s4899) -D 2008-03-20T16:30:18 +C In\sthe\ssqlite3_limit()\sinterface,\stake\sout\sthe\sfeature\swhere\szero\smeans\nuse\sthe\shard\supper\sbound.\s\sIf\san\sapplication\swants\sthe\shard\supper\sbound,\nit\scan\sset\sthe\slimit\sto\s0x7fffffff\sand\sthe\sbound\swill\sbe\sautomatically\ntruncated.\s(CVS\s4900) +D 2008-03-20T18:00:49 F Makefile.arm-wince-mingw32ce-gcc ac5f7b2cef0cd850d6f755ba6ee4ab961b1fadf7 F Makefile.in cf434ce8ca902e69126ae0f94fc9f7dc7428a5fa F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -104,7 +104,7 @@ F src/insert.c 358c80592c20a61a8d5b4a127215b5e25de652f4 F src/journal.c 807bed7a158979ac8d63953e1774e8d85bff65e2 F src/legacy.c cb1939fdeb91ea88fb44fbd2768a10e14bc44650 F src/loadext.c f26b22f7c84153c9d5dbd7c240848823c6e6b6dc -F src/main.c 24711c8e40107aad521eaa56ddf16068222061db +F src/main.c f9c9a666f0cc5f5a4b768e48d12c1d1e65bf9b36 F src/malloc.c 60e392a4c12c839517f9b0db7b995f825444fb35 F src/md5.c c5fdfa5c2593eaee2e32a5ce6c6927c986eaf217 F src/mem1.c fc716ff521b6dd3e43eaa211967383308800e70a @@ -138,7 +138,7 @@ F src/random.c 8b6ab5418cf0f4dde551730825d67da1457c2b3c F src/select.c 2a0f383a16c780b8ee8108e994c2f6c4f82233a9 F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96 F src/shell.c 22297fffa6f00a6c6d44020fa13b1184a1bb372d -F src/sqlite.h.in 8c9d194ccb6b2b0d00078192c2c4f92d46a7abe4 +F src/sqlite.h.in b18c4cb006f16237aa044200ddd6a16cf4b7457c F src/sqlite3ext.h faacd0e6a81aabee0861c6d7883c9172e74ef5b3 F src/sqliteInt.h c96aca7c69ba463ee09eac19b1ac9974752b467e F src/sqliteLimit.h eecbc288b410ae5565e71aaa4a439aae57bb0707 
@@ -450,7 +450,7 @@ F test/speed1.test 22e1b27af0683ed44dcd2f93ed817a9c3e65084a F test/speed2.test 53177056baf6556dcbdcf032bbdfc41c1aa74ded F test/speed3.test e312d7e442a5047d730569fdae2ba99bc94e1a13 F test/speed4.test 20d8ea20bea3ca09c3ef3b5ec820a17e58e132cb -F test/sqllimits1.test 9ecac01f2f51e3f5f7407a53af2483d096a3f540 +F test/sqllimits1.test 844c594775e5e34b3fdfea09ff52e2ea273834bf F test/subquery.test 8203f85db56ba022a57a0589890090c8feed4e59 F test/subselect.test 974e87f8fc91c5f00dd565316d396a5a6c3106c4 F test/substr.test 4be572ac017143e59b4058dc75c91a0d0dc6d4e0 @@ -624,7 +624,7 @@ F www/tclsqlite.tcl 8be95ee6dba05eabcd27a9d91331c803f2ce2130 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5 -P 53b4a09040341a981b2f33399a1ddcee952ba3ef -R aff205d8a20c135ccafeedae04a2e788 +P 4c4be4c3c8aae97f1d85442b25afba9f0b02c8b3 +R 10f06e62355868edd7f0d48570d09623 U drh -Z e01b238f8fcef143071d3d310a36fa66 +Z 5ee7e525e24d3023d636da94fdb9521e diff --git a/manifest.uuid b/manifest.uuid index c1383387ce..04165108c0 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -4c4be4c3c8aae97f1d85442b25afba9f0b02c8b3 \ No newline at end of file +d6be1f495ec57158f7bcca3e32145a9a8fde723a \ No newline at end of file diff --git a/src/main.c b/src/main.c index c472ba320e..140e64a62d 100644 --- a/src/main.c +++ b/src/main.c @@ -14,7 +14,7 @@ ** other files are for internal use by SQLite and should not be ** accessed by users of the library. ** -** $Id: main.c,v 1.427 2008/03/20 16:30:18 drh Exp $ +** $Id: main.c,v 1.428 2008/03/20 18:00:49 drh Exp $ */ #include "sqliteInt.h" #include 
@@ -1001,9 +1001,7 @@ int sqlite3_limit(sqlite3 *db, int limitId, int newLimit){ } oldLimit = db->aLimit[limitId]; if( newLimit>=0 ){ - if( newLimit==0 ){ - newLimit = aHardLimit[limitId]; - }else if( aHardLimit[limitId]>0 && newLimit>aHardLimit[limitId] ){ + if( newLimit>aHardLimit[limitId] ){ newLimit = aHardLimit[limitId]; } db->aLimit[limitId] = newLimit; diff --git a/src/sqlite.h.in b/src/sqlite.h.in index 6032cf8e5a..158c6e1e33 100644 --- a/src/sqlite.h.in +++ b/src/sqlite.h.in @@ -30,7 +30,7 @@ ** the version number) and changes its name to "sqlite3.h" as ** part of the build process. ** -** @(#) $Id: sqlite.h.in,v 1.297 2008/03/20 16:30:18 drh Exp $ +** @(#) $Id: sqlite.h.in,v 1.298 2008/03/20 18:00:49 drh Exp $ */ #ifndef _SQLITE3_H_ #define _SQLITE3_H_ @@ -1619,14 +1619,14 @@ void sqlite3_randomness(int N, void *P); ** CAPI3REF: Compile-Time Authorization Callbacks {F12500} ** ** This routine registers a authorizer callback with a particular -** database connection, supplied in the first argument. +** [database connection], supplied in the first argument. ** The authorizer callback is invoked as SQL statements are being compiled ** by [sqlite3_prepare()] or its variants [sqlite3_prepare_v2()], ** [sqlite3_prepare16()] and [sqlite3_prepare16_v2()]. At various ** points during the compilation process, as logic is being created ** to perform various actions, the authorizer callback is invoked to ** see if those actions are allowed. The authorizer callback should -** return SQLITE_OK to allow the action, [SQLITE_IGNORE] to disallow the +** return [SQLITE_OK] to allow the action, [SQLITE_IGNORE] to disallow the ** specific action but allow the SQL statement to continue to be ** compiled, or [SQLITE_DENY] to cause the entire SQL statement to be ** rejected with an error. If the authorizer callback returns 
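Review bot: Dropping the `aHardLimit[limitId]>0 &&` guard in the new clamp means a zero newLimit is now stored verbatim, and any limit category whose compile-time maximum happened to be zero would also be clamped straight to zero, so sqlite3_limit(db, id, 0) now disables that construct outright instead of selecting the hard bound as it did before. That is what the commit message asks for, but callers written against the old documented "0 means hard upper bound" contract will silently get a connection that rejects every string, SQL text or bound parameter of that kind, which deserves a line at the clamp: `/* A limit of zero is honoured literally; zero no longer selects the hard upper bound */`. I cannot tell from this hunk whether any SQLITE_MAX_* value can be configured as zero, so whether the dropped `>0` test still mattered should be confirmed against sqliteLimit.h. sqlite3_limit's body starts before and continues past this hunk.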
@@ -1639,9 +1639,9 @@ void sqlite3_randomness(int N, void *P); ** [sqlite3_prepare_v2()] or equivalent call that triggered the ** authorizer will fail with an error message explaining that ** access is denied. If the authorizer code is [SQLITE_READ] -** and the callback returns [SQLITE_IGNORE] then the prepared -** statement is constructed to insert a NULL value in place of -** the table column that would have +** and the callback returns [SQLITE_IGNORE] then the +** [prepared statement] statement is constructed to substitute +** a NULL value in place of the table column that would have ** been read if [SQLITE_OK] had been returned. The [SQLITE_IGNORE] ** return can be used to deny an untrusted user access to individual ** columns of a table. @@ -1654,7 +1654,8 @@ void sqlite3_randomness(int N, void *P); ** parameters to the callback are zero-terminated strings that contain ** additional details about the action to be authorized. ** -** An authorizer is used when preparing SQL statements from an untrusted +** An authorizer is used when [sqlite3_prepare | preparing] +** SQL statements from an untrusted ** source, to ensure that the SQL statements do not try to access data ** that they are not allowed to see, or that they do not try to ** execute malicious statements that damage the database. For 
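Review bot: The new wording `[prepared statement] statement is constructed` in the SQLITE_IGNORE paragraph repeats the word "statement"; the link text already reads as "prepared statement", so the line should be `** [prepared statement] is constructed to substitute`. The rest of the rewording reads correctly.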
@@ -1662,8 +1663,13 @@ void sqlite3_randomness(int N, void *P); ** SQL queries for evaluation by a database. But the application does ** not want the user to be able to make arbitrary changes to the ** database. An authorizer could then be put in place while the -** user-entered SQL is being prepared that disallows everything -** except SELECT statements. +** user-entered SQL is being [sqlite3_prepare | prepared] that +** disallows everything except [SELECT] statements. +** +** Applications that need to process SQL from untrusted sources +** might also consider lowering resource limits using [sqlite3_limit()] +** and limiting database size using the [max_page_count] [PRAGMA] +** in addition to using an authorizer. ** ** Only a single authorizer can be in place on a database connection ** at a time. Each call to sqlite3_set_authorizer overrides the 
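Review bot: The added advice to contain database size with `max_page_count` is only as strong as the authorizer beside it: max_page_count is set by a PRAGMA, so unless the authorizer also denies PRAGMA statements the untrusted SQL can presumably just raise the cap again (confirm that the authorizer is consulted for pragmas in this version). A qualifying sentence would close that gap, e.g. `** The authorizer should also reject PRAGMA statements, otherwise the untrusted SQL could undo the max_page_count setting.` Stating this next to the recommendation keeps readers from treating the pragma as a hard limit on its own.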
@@ -2166,35 +2172,37 @@ typedef struct sqlite3_stmt sqlite3_stmt; ** new limit for that construct. The function returns the old limit. ** ** If the new limit is a negative number, the limit is unchanged. -** If the new limit is zero, the construct becomes unlimited. Actually, -** there is a hard upper bound on the size of all constructs that -** is determined at compile-time. For the limit category of -** SQLITE_LIMIT_XYZ the hard upper bound is the compile-time -** constant SQLITE_MAX_XYZ. Attempts to increase a limit above its -** hard upper bound are silently truncated. +** For the limit category of SQLITE_LIMIT_XYZ there is a hard upper +** bound set by a compile-time C-preprocess macro named SQLITE_MAX_XYZ. +** (The "_LIMIT_" in the name is changed to "_MAX_".) +** Attempts to increase a limit above its hard upper bound are +** silently truncated to the hard upper limit. ** ** Run time limits are intended for use in applications that manage ** both their own internal database and also databases that are controlled ** by untrusted external sources. An example application might be a ** webbrowser that has its own databases for storing history and ** separate databases controlled by javascript applications downloaded -** of the internet. The internal databases can be given the +** off the internet. The internal databases can be given the ** large, default limits. Databases managed by external sources can ** be given much smaller limits designed to prevent a denial of service -** attach. +** attach. Developers might also want to use the [sqlite3_set_authorizer()] +** interface to further control untrusted SQL. The size of the database +** created by an untrusted script can be contained using the +** [max_page_count] [PRAGMA]. ** ** This interface is currently considered experimental and is subject ** to change or removal without prior notice. 
** ** INVARIANTS: ** -** {F12763} A successful call to [sqlite3_limit(D,C,V)] where V is +** {F12762} A successful call to [sqlite3_limit(D,C,V)] where V is ** positive changes the ** limit on the size of construct C in [database connection] D ** to the lessor of V and the hard upper bound on the size ** of C that is set at compile-time. ** -** {F12763} A successful call to [sqlite3_limit(D,C,V)] where V is zero +** {F12764} A successful call to [sqlite3_limit(D,C,V)] where V is zero ** changes the limit on the size of construct C in ** [database connection] D to be the hard upper bound on the size ** of C that is set at compile-time. diff --git a/test/sqllimits1.test b/test/sqllimits1.test index 91f0dfd0e1..c8af8cec52 100644 --- a/test/sqllimits1.test +++ b/test/sqllimits1.test @@ -12,7 +12,7 @@ # This file contains tests to verify that the limits defined in # sqlite source file limits.h are enforced. # -# $Id: sqllimits1.test,v 1.25 2008/03/20 16:30:18 drh Exp $ +# $Id: sqllimits1.test,v 1.26 2008/03/20 18:00:49 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl @@ -223,8 +223,6 @@ do_test sqllimits1-4.10.1 { sqlite3_limit db SQLITE_LIMIT_VARIABLE_NUMBER -1 } $SQLITE_MAX_VARIABLE_NUMBER - - #-------------------------------------------------------------------- # Test cases sqllimits1-5.* test that the SQLITE_MAX_LENGTH limit # is enforced. @@ -355,10 +353,6 @@ do_test sqllimits1-6.1 { append sql [string repeat $tail $N] catchsql $sql } {1 {String or BLOB exceeded size limit}} -do_test sqllimits1-6.2 { - sqlite3_limit db SQLITE_LIMIT_SQL_LENGTH 0 - catchsql $sql -} {0 1} do_test sqllimits1-6.3 { sqlite3_limit db SQLITE_LIMIT_SQL_LENGTH 50000 set sql "SELECT 1 WHERE 1==1"
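Review bot: The renumbered invariant {F12764} still promises that a zero V sets the limit to the compile-time hard upper bound, which is exactly the behaviour this commit removes (the main.c clamp now stores zero literally), so the header now contradicts both the code and the new prose a few lines above it. Either drop {F12764} or rewrite it to match, e.g. `** {F12764} A successful call to [sqlite3_limit(D,C,V)] where V is zero changes the limit on the size of construct C in [database connection] D to zero.` Two smaller wording issues survive on the new side of this hunk: "denial of service attach" should read "attack", and "C-preprocess macro" should be "C-preprocessor macro".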