/ Check-in [debafa5e]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | load-ext-security
Files: files | file ages | folders
SHA1: debafa5efd37ac60e030d0963ce8e7c4f51a0f10
User & Date: drh 2016-04-21 01:58:21
Context
2016-04-21
02:27
Add the SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION method for enabling sqlite3_load_extension() while leaving the load_extension() SQL function disabled. check-in: c4f165c4 user: drh tags: trunk
01:58
Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. Closed-Leaf check-in: debafa5e user: drh tags: load-ext-security
01:30
Revert sqlite3_enable_load_extension() to its original long-standing behavior. Add SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION which will enable only the C-API and leave the SQL function disabled. check-in: b2ae5bfa user: drh tags: load-ext-security
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/func.c.

1385
1386
1387
1388
1389
1390
1391
1392



1393
1394
1395
1396
1397
1398
1399
  const char *zProc;
  sqlite3 *db = sqlite3_context_db_handle(context);
  char *zErrMsg = 0;

  /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc
  ** flag is set.  See the sqlite3_enable_load_extension() API.
  */
  if( (db->flags & SQLITE_LoadExtFunc)==0 ) return;




  if( argc==2 ){
    zProc = (const char *)sqlite3_value_text(argv[1]);
  }else{
    zProc = 0;
  }
  if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){







|
>
>
>







1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
  const char *zProc;
  sqlite3 *db = sqlite3_context_db_handle(context);
  char *zErrMsg = 0;

  /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc
  ** flag is set.  See the sqlite3_enable_load_extension() API.
  */
  if( (db->flags & SQLITE_LoadExtFunc)==0 ){
    sqlite3_result_error(context, "not authorized", -1);
    return;
  }

  if( argc==2 ){
    zProc = (const char *)sqlite3_value_text(argv[1]);
  }else{
    zProc = 0;
  }
  if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){

Changes to test/loadext.test.

107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
...
252
253
254
255
256
257
258

259
260









261
262
263
264
265
266
267
  }
} {0 0.5}

# Test that a second database connection (db2) can load the extension also.
#
do_test loadext-1.3 {
  sqlite3 db2 test.db
  sqlite3_enable_load_extension db2 1
  catchsql {
    SELECT half(1.0);
  } db2
} {1 {no such function: half}}
do_test loadext-1.4 {
  sqlite3_load_extension db2 $testextension testloadext_init
  catchsql {
................................................................................
do_test loadext-4.2 {
  sqlite3_enable_load_extension db 1
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {0 {{}}}


do_test loadext-4.3 {
  sqlite3_enable_load_extension db 0









  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {1 {not authorized}}

source $testdir/malloc_common.tcl








|







 







>


>
>
>
>
>
>
>
>
>







107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
...
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
  }
} {0 0.5}

# Test that a second database connection (db2) can load the extension also.
#
do_test loadext-1.3 {
  sqlite3 db2 test.db
  sqlite3_db_config db2 SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1
  catchsql {
    SELECT half(1.0);
  } db2
} {1 {no such function: half}}
do_test loadext-1.4 {
  sqlite3_load_extension db2 $testextension testloadext_init
  catchsql {
................................................................................
do_test loadext-4.2 {
  sqlite3_enable_load_extension db 1
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {0 {{}}}

# disable all extension loading
do_test loadext-4.3 {
  sqlite3_enable_load_extension db 0
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {1 {not authorized}}

# enable C-api extension loading only.  Show that the SQL function
# still does not work.
do_test loadext-4.4 {
  sqlite3_db_config db SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1
  catchsql {
    SELECT load_extension($::testextension,'testloadext_init')
  }
} {1 {not authorized}}

source $testdir/malloc_common.tcl