Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | API Change: Modify sqlite3_enable_load_extension() so that it only enables/disables the load_extension() SQL function, and leaves the C-APIs enabled at all times. In this way, applications can enable extension loading for the C interface without having to expose that capability to the SQL. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | load-ext-security |
| Files: | files | file ages | folders |
| SHA1: | edb454e45ae008e051e2f48d704a855b |
| User & Date: | drh 2016-04-20 00:30:05 |
Context
|
2016-04-21
| ||
| 01:30 | Revert sqlite3_enable_load_extension() to its original long-standing behavior. Add SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION which will enable only the C-API and leave the SQL function disabled. check-in: b2ae5bfa user: drh tags: load-ext-security | |
|
2016-04-20
| ||
| 00:30 | API Change: Modify sqlite3_enable_load_extension() so that it only enables/disables the load_extension() SQL function, and leaves the C-APIs enabled at all times. In this way, applications can enable extension loading for the C interface without having to expose that capability to the SQL. check-in: edb454e4 user: drh tags: load-ext-security | |
|
2016-04-18
| ||
| 15:46 | Remove quotes from identifiers used as datatype names in a CREATE TABLE statement. Fix for ticket [7d7525cb01b68] check-in: eba27d4d user: drh tags: trunk | |
Changes
Changes to src/func.c.
1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 |
** A function that loads a shared-library extension then returns NULL.
*/
static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){
const char *zFile = (const char *)sqlite3_value_text(argv[0]);
const char *zProc;
sqlite3 *db = sqlite3_context_db_handle(context);
char *zErrMsg = 0;
if( argc==2 ){
zProc = (const char *)sqlite3_value_text(argv[1]);
}else{
zProc = 0;
}
if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){
|
> > > > > > > > |
1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 |
** A function that loads a shared-library extension then returns NULL.
*/
static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){
const char *zFile = (const char *)sqlite3_value_text(argv[0]);
const char *zProc;
sqlite3 *db = sqlite3_context_db_handle(context);
char *zErrMsg = 0;
/* Disallow the load_extension function unless the SQLITE_LoadExtension
** flag is set. See the sqlite3_enable_load_extension() API.
*/
if( (db->flags & SQLITE_LoadExtension)==0 ){
sqlite3_result_error(context, "not authorized", -1);
return;
}
if( argc==2 ){
zProc = (const char *)sqlite3_value_text(argv[1]);
}else{
zProc = 0;
}
if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){
|
Changes to src/loadext.c.
456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 |
#else
"so"
#endif
};
if( pzErrMsg ) *pzErrMsg = 0;
/* Ticket #1863. To avoid a creating security problems for older
** applications that relink against newer versions of SQLite, the
** ability to run load_extension is turned off by default. One
** must call sqlite3_enable_load_extension() to turn on extension
** loading. Otherwise you get the following error.
*/
if( (db->flags & SQLITE_LoadExtension)==0 ){
if( pzErrMsg ){
*pzErrMsg = sqlite3_mprintf("not authorized");
}
return SQLITE_ERROR;
}
zEntry = zProc ? zProc : "sqlite3_extension_init";
handle = sqlite3OsDlOpen(pVfs, zFile);
#if SQLITE_OS_UNIX || SQLITE_OS_WIN
for(ii=0; ii<ArraySize(azEndings) && handle==0; ii++){
char *zAltFile = sqlite3_mprintf("%s.%s", zFile, azEndings[ii]);
if( zAltFile==0 ) return SQLITE_NOMEM_BKPT;
handle = sqlite3OsDlOpen(pVfs, zAltFile);
sqlite3_free(zAltFile);
|
< < < < < < < < < < < < < < < |
456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 |
#else
"so"
#endif
};
if( pzErrMsg ) *pzErrMsg = 0;
zEntry = zProc ? zProc : "sqlite3_extension_init";
handle = sqlite3OsDlOpen(pVfs, zFile);
#if SQLITE_OS_UNIX || SQLITE_OS_WIN
for(ii=0; ii<ArraySize(azEndings) && handle==0; ii++){
char *zAltFile = sqlite3_mprintf("%s.%s", zFile, azEndings[ii]);
if( zAltFile==0 ) return SQLITE_NOMEM_BKPT;
handle = sqlite3OsDlOpen(pVfs, zAltFile);
sqlite3_free(zAltFile);
|