SQLite

Check-in [debafa5efd]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | load-ext-security
Files: files | file ages | folders
SHA1: debafa5efd37ac60e030d0963ce8e7c4f51a0f10
User & Date: drh 2016-04-21 01:58:21.573
Context
2016-04-21
02:27
Add the SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION method for enabling sqlite3_load_extension() while leaving the load_extension() SQL function disabled. (check-in: c4f165c460 user: drh tags: trunk)
01:58
Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. (Closed-Leaf check-in: debafa5efd user: drh tags: load-ext-security)
01:30
Revert sqlite3_enable_load_extension() to its original long-standing behavior. Add SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION which will enable only the C-API and leave the SQL function disabled. (check-in: b2ae5bfa32 user: drh tags: load-ext-security)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/func.c.
1385
1386
1387
1388
1389
1390
1391
1392



1393
1394
1395
1396
1397
1398
1399
  const char *zProc;
  sqlite3 *db = sqlite3_context_db_handle(context);
  char *zErrMsg = 0;

  /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc
  ** flag is set.  See the sqlite3_enable_load_extension() API.
  */
  if( (db->flags & SQLITE_LoadExtFunc)==0 ) return;




  if( argc==2 ){
    zProc = (const char *)sqlite3_value_text(argv[1]);
  }else{
    zProc = 0;
  }
  if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){







|
>
>
>







1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
  const char *zProc;
  sqlite3 *db = sqlite3_context_db_handle(context);
  char *zErrMsg = 0;

  /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc
  ** flag is set.  See the sqlite3_enable_load_extension() API.
  */
  if( (db->flags & SQLITE_LoadExtFunc)==0 ){
    sqlite3_result_error(context, "not authorized", -1);
    return;
  }

  if( argc==2 ){
    zProc = (const char *)sqlite3_value_text(argv[1]);
  }else{
    zProc = 0;
  }
  if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){
Changes to test/loadext.test.
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
  }
} {0 0.5}

# Test that a second database connection (db2) can load the extension also.
#
do_test loadext-1.3 {
  sqlite3 db2 test.db
  sqlite3_enable_load_extension db2 1
  catchsql {
    SELECT half(1.0);
  } db2
} {1 {no such function: half}}
do_test loadext-1.4 {
  sqlite3_load_extension db2 $testextension testloadext_init
  catchsql {







|







107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
  }
} {0 0.5}

# Test that a second database connection (db2) can load the extension also.
#
do_test loadext-1.3 {
  sqlite3 db2 test.db
  sqlite3_db_config db2 SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1
  catchsql {
    SELECT half(1.0);
  } db2
} {1 {no such function: half}}
do_test loadext-1.4 {
  sqlite3_load_extension db2 $testextension testloadext_init
  catchsql {
252
253
254
255
256
257
258

259
260









261
262
263
264
265
266
267
do_test loadext-4.2 {
  sqlite3_enable_load_extension db 1
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {0 {{}}}


do_test loadext-4.3 {
  sqlite3_enable_load_extension db 0









  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {1 {not authorized}}

source $testdir/malloc_common.tcl








>


>
>
>
>
>
>
>
>
>







252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
do_test loadext-4.2 {
  sqlite3_enable_load_extension db 1
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {0 {{}}}

# disable all extension loading
do_test loadext-4.3 {
  sqlite3_enable_load_extension db 0
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {1 {not authorized}}

# enable C-api extension loading only.  Show that the SQL function
# still does not work.
do_test loadext-4.4 {
  sqlite3_db_config db SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {1 {not authorized}}

source $testdir/malloc_common.tcl