/ Check-in [edb454e4]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:API Change: Modify sqlite3_enable_load_extension() so that it only enables/disables the load_extension() SQL function, and leaves the C-APIs enabled at all times. In this way, applications can enable extension loading for the C interface without having to expose that capability to the SQL.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | load-ext-security
Files: files | file ages | folders
SHA1:edb454e45ae008e051e2f48d704a855b0c3e4be9
User & Date: drh 2016-04-20 00:30:05
Context
2016-04-21
01:30
Revert sqlite3_enable_load_extension() to its original long-standing behavior. Add SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION which will enable only the C-API and leave the SQL function disabled. check-in: b2ae5bfa user: drh tags: load-ext-security
2016-04-20
00:30
API Change: Modify sqlite3_enable_load_extension() so that it only enables/disables the load_extension() SQL function, and leaves the C-APIs enabled at all times. In this way, applications can enable extension loading for the C interface without having to expose that capability to the SQL. check-in: edb454e4 user: drh tags: load-ext-security
2016-04-18
15:46
Remove quotes from identifiers used as datatype names in a CREATE TABLE statement. Fix for ticket [7d7525cb01b68] check-in: eba27d4d user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/func.c.

1381
1382
1383
1384
1385
1386
1387








1388
1389
1390
1391
1392
1393
1394
** A function that loads a shared-library extension then returns NULL.
*/
static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){
  const char *zFile = (const char *)sqlite3_value_text(argv[0]);
  const char *zProc;
  sqlite3 *db = sqlite3_context_db_handle(context);
  char *zErrMsg = 0;









  if( argc==2 ){
    zProc = (const char *)sqlite3_value_text(argv[1]);
  }else{
    zProc = 0;
  }
  if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){







>
>
>
>
>
>
>
>







1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
** A function that loads a shared-library extension then returns NULL.
*/
static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){
  const char *zFile = (const char *)sqlite3_value_text(argv[0]);
  const char *zProc;
  sqlite3 *db = sqlite3_context_db_handle(context);
  char *zErrMsg = 0;

  /* Disallow the load_extension function unless the SQLITE_LoadExtension
  ** flag is set.  See the sqlite3_enable_load_extension() API.
  */
  if( (db->flags & SQLITE_LoadExtension)==0 ){
    sqlite3_result_error(context, "not authorized", -1);
    return;
  }

  if( argc==2 ){
    zProc = (const char *)sqlite3_value_text(argv[1]);
  }else{
    zProc = 0;
  }
  if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){

Changes to src/loadext.c.

456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
#else
     "so"
#endif
  };


  if( pzErrMsg ) *pzErrMsg = 0;

  /* Ticket #1863.  To avoid a creating security problems for older
  ** applications that relink against newer versions of SQLite, the
  ** ability to run load_extension is turned off by default.  One
  ** must call sqlite3_enable_load_extension() to turn on extension
  ** loading.  Otherwise you get the following error.
  */
  if( (db->flags & SQLITE_LoadExtension)==0 ){
    if( pzErrMsg ){
      *pzErrMsg = sqlite3_mprintf("not authorized");
    }
    return SQLITE_ERROR;
  }

  zEntry = zProc ? zProc : "sqlite3_extension_init";

  handle = sqlite3OsDlOpen(pVfs, zFile);
#if SQLITE_OS_UNIX || SQLITE_OS_WIN
  for(ii=0; ii<ArraySize(azEndings) && handle==0; ii++){
    char *zAltFile = sqlite3_mprintf("%s.%s", zFile, azEndings[ii]);
    if( zAltFile==0 ) return SQLITE_NOMEM_BKPT;
    handle = sqlite3OsDlOpen(pVfs, zAltFile);
    sqlite3_free(zAltFile);







<
<
<
<
<
<
<
<
<
<
<
<
<
<

<







456
457
458
459
460
461
462














463

464
465
466
467
468
469
470
#else
     "so"
#endif
  };


  if( pzErrMsg ) *pzErrMsg = 0;














  zEntry = zProc ? zProc : "sqlite3_extension_init";

  handle = sqlite3OsDlOpen(pVfs, zFile);
#if SQLITE_OS_UNIX || SQLITE_OS_WIN
  for(ii=0; ii<ArraySize(azEndings) && handle==0; ii++){
    char *zAltFile = sqlite3_mprintf("%s.%s", zFile, azEndings[ii]);
    if( zAltFile==0 ) return SQLITE_NOMEM_BKPT;
    handle = sqlite3OsDlOpen(pVfs, zAltFile);
    sqlite3_free(zAltFile);