Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | load-ext-security |
| Files: | files | file ages | folders |
| SHA1: |
debafa5efd37ac60e030d0963ce8e7c4 |
| User & Date: | drh 2016-04-21 01:58:21.573 |
Context
|
2016-04-21
| ||
| 02:27 | Add the SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION method for enabling sqlite3_load_extension() while leaving the load_extension() SQL function disabled. (check-in: c4f165c460 user: drh tags: trunk) | |
| 01:58 | Test cases for SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION. (Closed-Leaf check-in: debafa5efd user: drh tags: load-ext-security) | |
| 01:30 | Revert sqlite3_enable_load_extension() to its original long-standing behavior. Add SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION which will enable only the C-API and leave the SQL function disabled. (check-in: b2ae5bfa32 user: drh tags: load-ext-security) | |
Changes
Changes to src/func.c.
| ︙ | ︙ | |||
1385 1386 1387 1388 1389 1390 1391 | const char *zProc; sqlite3 *db = sqlite3_context_db_handle(context); char *zErrMsg = 0; /* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc ** flag is set. See the sqlite3_enable_load_extension() API. */ | | > > > | 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 |
const char *zProc;
sqlite3 *db = sqlite3_context_db_handle(context);
char *zErrMsg = 0;
/* Disallow the load_extension() SQL function unless the SQLITE_LoadExtFunc
** flag is set. See the sqlite3_enable_load_extension() API.
*/
if( (db->flags & SQLITE_LoadExtFunc)==0 ){
sqlite3_result_error(context, "not authorized", -1);
return;
}
if( argc==2 ){
zProc = (const char *)sqlite3_value_text(argv[1]);
}else{
zProc = 0;
}
if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){
|
| ︙ | ︙ |
Changes to test/loadext.test.
| ︙ | ︙ | |||
107 108 109 110 111 112 113 |
}
} {0 0.5}
# Test that a second database connection (db2) can load the extension also.
#
do_test loadext-1.3 {
sqlite3 db2 test.db
| | | 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
}
} {0 0.5}
# Test that a second database connection (db2) can load the extension also.
#
do_test loadext-1.3 {
sqlite3 db2 test.db
sqlite3_db_config db2 SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1
catchsql {
SELECT half(1.0);
} db2
} {1 {no such function: half}}
do_test loadext-1.4 {
sqlite3_load_extension db2 $testextension testloadext_init
catchsql {
|
| ︙ | ︙ | |||
252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 |
do_test loadext-4.2 {
sqlite3_enable_load_extension db 1
catchsql {
SELECT load_extension($::testextension,'testloadext_init')
}
} {0 {{}}}
do_test loadext-4.3 {
sqlite3_enable_load_extension db 0
catchsql {
SELECT load_extension($::testextension,'testloadext_init')
}
} {1 {not authorized}}
source $testdir/malloc_common.tcl
| > > > > > > > > > > | 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 |
do_test loadext-4.2 {
sqlite3_enable_load_extension db 1
catchsql {
SELECT load_extension($::testextension,'testloadext_init')
}
} {0 {{}}}
# disable all extension loading
do_test loadext-4.3 {
sqlite3_enable_load_extension db 0
catchsql {
SELECT load_extension($::testextension,'testloadext_init')
}
} {1 {not authorized}}
# enable C-api extension loading only. Show that the SQL function
# still does not work.
do_test loadext-4.4 {
sqlite3_db_config db SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION 1
catchsql {
SELECT load_extension($::testextension,'testloadext_init')
}
} {1 {not authorized}}
source $testdir/malloc_common.tcl
|
| ︙ | ︙ |