Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | load-ext-security |
Files: | files | file ages | folders |
SHA1: |
debafa5efd37ac60e030d0963ce8e7c4 |
User & Date: | drh 2016-04-21 01:58:21.573 |
Context
2016-04-21
| ||
02:27 | Add the SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION method for enabling sqlite3_load_extension() while leaving the load_extension() SQL function disabled. (check-in: c4f165c460 user: drh tags: trunk) | |
01:58 | Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. (Closed-Leaf check-in: debafa5efd user: drh tags: load-ext-security) | |
01:30 | Revert sqlite3_enable_load_extension() to its original long-standing behavior. Add SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION which will enable only the C-API and leave the SQL function disabled. (check-in: b2ae5bfa32 user: drh tags: load-ext-security) | |
Changes
Changes to src/func.c.
︙ | ︙ | |||
1385 1386 1387 1388 1389 1390 1391 | const char *zProc; sqlite3 *db = sqlite3_context_db_handle(context); char *zErrMsg = 0; /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc ** flag is set. See the sqlite3_enable_load_extension() API. */ | | > > > | 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 | const char *zProc; sqlite3 *db = sqlite3_context_db_handle(context); char *zErrMsg = 0; /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc ** flag is set. See the sqlite3_enable_load_extension() API. */ if( (db->flags & SQLITE_LoadExtFunc)==0 ){ sqlite3_result_error(context, "not authorized", -1); return; } if( argc==2 ){ zProc = (const char *)sqlite3_value_text(argv[1]); }else{ zProc = 0; } if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){ |
︙ | ︙ |
Changes to test/loadext.test.
︙ | ︙ | |||
107 108 109 110 111 112 113 | } } {0 0.5} # Test that a second database connection (db2) can load the extension also. # do_test loadext-1.3 { sqlite3 db2 test.db | | | 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | } } {0 0.5} # Test that a second database connection (db2) can load the extension also. # do_test loadext-1.3 { sqlite3 db2 test.db sqlite3_db_config db2 SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1 catchsql { SELECT half(1.0); } db2 } {1 {no such function: half}} do_test loadext-1.4 { sqlite3_load_extension db2 $testextension testloadext_init catchsql { |
︙ | ︙ | |||
252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 | do_test loadext-4.2 { sqlite3_enable_load_extension db 1 catchsql { SELECT load_extension($::testextension,'testloadext_init') } } {0 {{}}} do_test loadext-4.3 { sqlite3_enable_load_extension db 0 catchsql { SELECT load_extension($::testextension,'testloadext_init') } } {1 {not authorized}} source $testdir/malloc_common.tcl | > > > > > > > > > > | 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 | do_test loadext-4.2 { sqlite3_enable_load_extension db 1 catchsql { SELECT load_extension($::testextension,'testloadext_init') } } {0 {{}}} # disable all extension loading do_test loadext-4.3 { sqlite3_enable_load_extension db 0 catchsql { SELECT load_extension($::testextension,'testloadext_init') } } {1 {not authorized}} # enable C-api extension loading only. Show that the SQL function # still does not work. do_test loadext-4.4 { sqlite3_db_config db SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1 catchsql { SELECT load_extension($::testextension,'testloadext_init') } } {1 {not authorized}} source $testdir/malloc_common.tcl |
︙ | ︙ |