SQLite

Check-in [92ab1f7257]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Invoke the SQLITE_READ authorizer callback with a NULL column name for any table referenced by a query but from when no columns are extracted.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 92ab1f7257d2866c69eaaf4cf85990677b911ef425e9c5a36a96978cccfb551c
User & Date: drh 2017-05-10 16:12:00.855
Context
2017-05-10
16:33
Improved documentation for the SQLITE_READ authorizer callback. No code changes. (check-in: 92c5ea7047 user: drh tags: trunk)
16:12
Invoke the SQLITE_READ authorizer callback with a NULL column name for any table referenced by a query but from when no columns are extracted. (check-in: 92ab1f7257 user: drh tags: trunk)
13:36
Fix a couple of test scripts so that they work with -DSQLITE_DISABLE_FTS4_DEFERRED builds. (check-in: 30018d3106 user: dan tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/select.c. 
5111
5112
5113
5114
5115
5116
5117


5118
5119
5120
5121
5122
5123
5124
















5125
5126
5127
5128
5129
5130
5131

    SELECTTRACE(1,pParse,p,("end compound-select processing\n"));
    pParse->nSelectIndent--;
#endif
    return rc;
  }
#endif



  /* Generate code for all sub-queries in the FROM clause
  */
#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
  for(i=0; i<pTabList->nSrc; i++){
    struct SrcList_item *pItem = &pTabList->a[i];
    SelectDest dest;
    Select *pSub = pItem->pSelect;
















    if( pSub==0 ) continue;

    /* Sometimes the code for a subquery will be generated more than
    ** once, if the subquery is part of the WHERE clause in a LEFT JOIN,
    ** for example.  In that case, do not regenerate the code to manifest
    ** a view or the co-routine to implement a view.  The first instance
    ** is sufficient, though the subroutine to manifest the view does need








>
>
|

<



|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121

5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148

    SELECTTRACE(1,pParse,p,("end compound-select processing\n"));
    pParse->nSelectIndent--;
#endif
    return rc;
  }
#endif

  /* For each term in the FROM clause, do two things:
  ** (1) Authorized unreferenced tables
  ** (2) Generate code for all sub-queries
  */

  for(i=0; i<pTabList->nSrc; i++){
    struct SrcList_item *pItem = &pTabList->a[i];
    SelectDest dest;
    Select *pSub;

    /* Issue SQLITE_READ authorizations with a NULL column name for any tables that
    ** are referenced but from which no values are extracted. Examples of where these
    ** kinds of null SQLITE_READ authorizations would occur:
    **
    **     SELECT count(*) FROM t1;   -- SQLITE_READ t1 null
    **     SELECT t1.* FROM t1, t2;   -- SQLITE_READ t2 null
    */
    if( pItem->colUsed==0 ){
      sqlite3AuthCheck(pParse, SQLITE_READ, pItem->zName, pItem->zDatabase, 0);
    }

#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
    /* Generate code for all sub-queries in the FROM clause
    */
    pSub = pItem->pSelect;
    if( pSub==0 ) continue;

    /* Sometimes the code for a subquery will be generated more than
    ** once, if the subquery is part of the WHERE clause in a LEFT JOIN,
    ** for example.  In that case, do not regenerate the code to manifest
    ** a view or the co-routine to implement a view.  The first instance
    ** is sufficient, though the subroutine to manifest the view does need

5238
5239
5240
5241
5242
5243
5244
5245
5246

5247
5248
5249
5250
5251
5252
5253

      retAddr = sqlite3VdbeAddOp1(v, OP_Return, pItem->regReturn);
      VdbeComment((v, "end %s", pItem->pTab->zName));
      sqlite3VdbeChangeP1(v, topAddr, retAddr);
      sqlite3ClearTempRegCache(pParse);
    }
    if( db->mallocFailed ) goto select_end;
    pParse->nHeight -= sqlite3SelectExprHeight(p);
  }
#endif


  /* Various elements of the SELECT copied into local variables for
  ** convenience */
  pEList = p->pEList;
  pWhere = p->pWhere;
  pGroupBy = p->pGroupBy;
  pHaving = p->pHaving;








<

>








5255
5256
5257
5258
5259
5260
5261

5262
5263
5264
5265
5266
5267
5268
5269
5270

      retAddr = sqlite3VdbeAddOp1(v, OP_Return, pItem->regReturn);
      VdbeComment((v, "end %s", pItem->pTab->zName));
      sqlite3VdbeChangeP1(v, topAddr, retAddr);
      sqlite3ClearTempRegCache(pParse);
    }
    if( db->mallocFailed ) goto select_end;
    pParse->nHeight -= sqlite3SelectExprHeight(p);

#endif
  }

  /* Various elements of the SELECT copied into local variables for
  ** convenience */
  pEList = p->pEList;
  pWhere = p->pWhere;
  pGroupBy = p->pGroupBy;
  pHaving = p->pHaving;
Changes to test/auth.test. 
2474
2475
2476
2477
2478
2479
2480























2481
2482
2483
2484

  set ::authargs
} [list                          \
  SQLITE_SELECT {} {} {} {}      \
  SQLITE_READ t7 a main {}       \
  SQLITE_READ t7 c main {}       \
]

























rename proc {}
rename proc_real proc
finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>





2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507

  set ::authargs
} [list                          \
  SQLITE_SELECT {} {} {} {}      \
  SQLITE_READ t7 a main {}       \
  SQLITE_READ t7 c main {}       \
]

# If a table is referenced but no columns are read from the table,
# that causes a single SQLITE_READ authorization with a NULL column
# name.
#
set ::authargs [list]
do_test auth-8.1 {
  execsql {SELECT count(*) FROM t7}
  set ::authargs
} [list \
  SQLITE_SELECT {} {} {} {}          \
  SQLITE_FUNCTION {} count {} {}     \
  SQLITE_READ t7 {} {} {}            \
  ]
set ::authargs [list]

do_test auth-8.2 {
  execsql {SELECT t6.a FROM t6, t7}
  set ::authargs
} [list \
  SQLITE_SELECT {} {} {} {}          \
  SQLITE_READ t6 a main {}           \
  SQLITE_READ t7 {} {} {}            \
  ]

rename proc {}
rename proc_real proc
finish_test