SQLite: Check-in [debafa5e]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| load-ext-security
Files:	files \| file ages \| folders
SHA1:	debafa5efd37ac60e030d0963ce8e7c4f51a0f10
User & Date:	drh 2016-04-21 01:58:21

Context

2016-04-21
02:27		Add the SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION method for enabling sqlite3_load_extension() while leaving the load_extension() SQL function disabled. check-in: c4f165c4 user: drh tags: trunk
01:58		Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. Closed-Leaf check-in: debafa5e user: drh tags: load-ext-security
01:30		Revert sqlite3_enable_load_extension() to its original long-standing behavior. Add SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION which will enable only the C-API and leave the SQL function disabled. check-in: b2ae5bfa user: drh tags: load-ext-security

Changes

Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/func.c.

  const char *zProc;
  sqlite3 *db = sqlite3_context_db_handle(context);
  char *zErrMsg = 0;

  /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc
  ** flag is set.  See the sqlite3_enable_load_extension() API.
  */
  if( (db->flags & SQLITE_LoadExtFunc)==0 ) return;




  if( argc==2 ){
    zProc = (const char *)sqlite3_value_text(argv[1]);
  }else{
    zProc = 0;
  }
  if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){








|
>
>
>

  const char *zProc;
  sqlite3 *db = sqlite3_context_db_handle(context);
  char *zErrMsg = 0;

  /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc
  ** flag is set.  See the sqlite3_enable_load_extension() API.
  */
  if( (db->flags & SQLITE_LoadExtFunc)==0 ){
    sqlite3_result_error(context, "not authorized", -1);
    return;
  }

  if( argc==2 ){
    zProc = (const char *)sqlite3_value_text(argv[1]);
  }else{
    zProc = 0;
  }
  if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){

Changes to test/loadext.test.

  }
} {0 0.5}

# Test that a second database connection (db2) can load the extension also.
#
do_test loadext-1.3 {
  sqlite3 db2 test.db
  sqlite3_enable_load_extension db2 1
  catchsql {
    SELECT half(1.0);
  } db2
} {1 {no such function: half}}
do_test loadext-1.4 {
  sqlite3_load_extension db2 $testextension testloadext_init
  catchsql {
................................................................................
do_test loadext-4.2 {
  sqlite3_enable_load_extension db 1
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {0 {{}}}


do_test loadext-4.3 {
  sqlite3_enable_load_extension db 0









  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {1 {not authorized}}

source $testdir/malloc_common.tcl








|







 







>


>
>
>
>
>
>
>
>
>

  }
} {0 0.5}

# Test that a second database connection (db2) can load the extension also.
#
do_test loadext-1.3 {
  sqlite3 db2 test.db
  sqlite3_db_config db2 SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1
  catchsql {
    SELECT half(1.0);
  } db2
} {1 {no such function: half}}
do_test loadext-1.4 {
  sqlite3_load_extension db2 $testextension testloadext_init
  catchsql {
................................................................................
do_test loadext-4.2 {
  sqlite3_enable_load_extension db 1
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {0 {{}}}

# disable all extension loading
do_test loadext-4.3 {
  sqlite3_enable_load_extension db 0
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {1 {not authorized}}

# enable C-api extension loading only.  Show that the SQL function
# still does not work.
do_test loadext-4.4 {
  sqlite3_db_config db SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {1 {not authorized}}

source $testdir/malloc_common.tcl