SQLite

Check-in [26a59bb88d]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Make sure the authorizer callback gets a valid pointer to "ROWID" for the column-name parameter when doing an UPDATE that changes the rowid. Fix for ticket [0eb70d77cb05bb2272].
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 26a59bb88d4082758eb281b365b57f9a0c059d89
User & Date: drh 2013-05-06 13:22:50.843
Context
2013-05-06
14:57
Add an assert() to fts3_expr.c in order to silence a clang warning. (check-in: d8dc2c5fb5 user: drh tags: trunk)
13:22
Make sure the authorizer callback gets a valid pointer to "ROWID" for the column-name parameter when doing an UPDATE that changes the rowid. Fix for ticket [0eb70d77cb05bb2272]. (check-in: 26a59bb88d user: drh tags: trunk)
2013-05-03
20:08
Add magic numbers for Bentley Systems application files. (check-in: 9314b08099 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/update.c. 
204
205
206
207
208
209
210

211
212
213
214
215
216
217
218
219
220
221
222

223
224
225
226
227
228
229
230

        }
        aXRef[j] = i;
        break;
      }
    }
    if( j>=pTab->nCol ){
      if( sqlite3IsRowid(pChanges->a[i].zName) ){

        chngRowid = 1;
        pRowidExpr = pChanges->a[i].pExpr;
      }else{
        sqlite3ErrorMsg(pParse, "no such column: %s", pChanges->a[i].zName);
        pParse->checkSchema = 1;
        goto update_cleanup;
      }
    }
#ifndef SQLITE_OMIT_AUTHORIZATION
    {
      int rc;
      rc = sqlite3AuthCheck(pParse, SQLITE_UPDATE, pTab->zName,

                           pTab->aCol[j].zName, db->aDb[iDb].zName);
      if( rc==SQLITE_DENY ){
        goto update_cleanup;
      }else if( rc==SQLITE_IGNORE ){
        aXRef[j] = -1;
      }
    }
#endif








>












>
|








204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232

        }
        aXRef[j] = i;
        break;
      }
    }
    if( j>=pTab->nCol ){
      if( sqlite3IsRowid(pChanges->a[i].zName) ){
        j = -1;
        chngRowid = 1;
        pRowidExpr = pChanges->a[i].pExpr;
      }else{
        sqlite3ErrorMsg(pParse, "no such column: %s", pChanges->a[i].zName);
        pParse->checkSchema = 1;
        goto update_cleanup;
      }
    }
#ifndef SQLITE_OMIT_AUTHORIZATION
    {
      int rc;
      rc = sqlite3AuthCheck(pParse, SQLITE_UPDATE, pTab->zName,
                            j<0 ? "ROWID" : pTab->aCol[j].zName,
                            db->aDb[iDb].zName);
      if( rc==SQLITE_DENY ){
        goto update_cleanup;
      }else if( rc==SQLITE_IGNORE ){
        aXRef[j] = -1;
      }
    }
#endif
Changes to test/auth.test. 
2364
2365
2366
2367
2368
2369
2370























2371
2372
2373
2374
2375
2376

          SQLITE_READ t5 x main t5_tr1   \
    ]
  do_test auth-5.3.2 {
    execsql { SELECT * FROM t5 }
  } {1}
}

























rename proc {}
rename proc_real proc


finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399

          SQLITE_READ t5 x main t5_tr1   \
    ]
  do_test auth-5.3.2 {
    execsql { SELECT * FROM t5 }
  } {1}
}

# Ticket [0eb70d77cb05bb22720]:  Invalid pointer passsed to the authorizer
# callback when updating a ROWID.
#
do_test auth-6.1 {
  execsql {
    CREATE TABLE t6(a,b,c,d,e,f,g,h);
    INSERT INTO t6 VALUES(1,2,3,4,5,6,7,8);
  }
} {}
set ::authargs [list]
proc auth {args} {
  eval lappend ::authargs $args
  return SQLITE_OK
}
do_test auth-6.2 {
  execsql {UPDATE t6 SET rowID=rowID+100}
  set ::authargs
} [list SQLITE_READ   t6 ROWID main {} \
        SQLITE_UPDATE t6 ROWID main {} \
]
do_test auth-6.3 {
  execsql {SELECT rowid, * FROM t6}
} {101 1 2 3 4 5 6 7 8}

rename proc {}
rename proc_real proc


finish_test