Improved security for VACUUM. This check-in combines the fixes
authordrh <drh@noemail.net>
Thu, 3 May 2018 21:51:30 +0000 (21:51 +0000)
committerdrh <drh@noemail.net>
Thu, 3 May 2018 21:51:30 +0000 (21:51 +0000)
of [ab0d99d0b5ede] and [27754b74ddf646] in a way that is less likely to
be broken by future changes.

FossilOrigin-Name: 260fc696538b195e8decabaab46771f664fb829b539efa86fb0b8170db01fa0a

manifest
manifest.uuid
src/vacuum.c

index 04373ccc9530da238156be5302d75a177bb89276..0e24703e4b9737c5994e5c8ca83280aa9f1beac4 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Overhaul\sof\sEXPLAIN\sQUERY\sPLAN.\sThe\soutput\sis\snow\sin\sthe\sform\sof\sa\stree.\nMore\sdetails\sof\sthe\squery\splan\sare\sshown,\sand\swhat\sis\sshown\sis\struer\sto\swhat\nactually\shappens.
-D 2018-05-03T19:56:50.453
+C Improved\ssecurity\sfor\sVACUUM.\s\sThis\scheck-in\scombines\sthe\sfixes\nof\s[ab0d99d0b5ede]\sand\s[27754b74ddf646]\sin\sa\sway\sthat\sis\sless\slikely\sto\nto\sbe\sbroken\sby\sfuture\schanges.
+D 2018-05-03T21:51:30.697
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in 5ce9343cba9c189046f1afe6d2bcc1f68079439febc05267b98aec6ecc752439
@@ -562,7 +562,7 @@ F src/update.c 5be2f501ddc704fc04183bdb28b25eab930bb8553d973429a089ec94fa85cf2b
 F src/upsert.c ae4a4823b45c4daf87e8aea8c0f582a8844763271f5ed54ee5956c4c612734f4
 F src/utf.c 810fbfebe12359f10bc2a011520a6e10879ab2a163bcb26c74768eab82ea62a5
 F src/util.c d9eb0a6c4aae1b00a7369eadd7ca0bbe946cb4c953b6751aa20d357c2f482157
-F src/vacuum.c 593498d6d1f1f3c5561c1476132d3b03af33881ff9f27ce4e48d4ba60be3615d
+F src/vacuum.c 37730af7540033135909ecaee3667dddec043293428d8718546d0d64ba4a5025
 F src/vdbe.c 066a4e1de2ed83e253adfd2e97a684cf562eaa41d31ee7f3d3e4c8aea4485a55
 F src/vdbe.h d970d9738efdd09cb2df73e3a40856e7df13e88a3486789c49fcdd322c9eb8a2
 F src/vdbeInt.h 95f7adfdc5c8f1353321f55a6c5ec00a90877e3b85af5159e393afb41ff54110
@@ -1727,8 +1727,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P ab0d99d0b5edece4c639baa47ce1ca2c02774cb2515e5b7f36d9bd312ccd3310 956fef361a795bd081d8e23ce4075dc8aafcee63ab7275d13b657b529d185b30
-R 067c5aa8ed93f027a9f18eeeee2f55ff
-T +closed 956fef361a795bd081d8e23ce4075dc8aafcee63ab7275d13b657b529d185b30
+P ff01bbdabc4b9db3db8b928979442c91b32d72082158e4f5fe62ae51a73649d2
+R 89cb977cf2a7974b23a1ffc22bfe7f69
 U drh
-Z b328f3a1ea4d4f9e8fb3fe9715c4ed00
+Z b164f882a3399333cea7fc0c8706c738
index db0983069a2777d75dd8cd4dae81065c57d39e6f..425caf43386685a6080ee8bc198d2eee050daf3f 100644 (file)
@@ -1 +1 @@
-ff01bbdabc4b9db3db8b928979442c91b32d72082158e4f5fe62ae51a73649d2
\ No newline at end of file
+260fc696538b195e8decabaab46771f664fb829b539efa86fb0b8170db01fa0a
\ No newline at end of file
index 103aee0bd4cb8864f8f64c60c195efa6bae8b811..fe295147c56ab7fec4b787c3bca49d84853776a0 100644 (file)
@@ -39,8 +39,14 @@ static int execSql(sqlite3 *db, char **pzErrMsg, const char *zSql){
   while( SQLITE_ROW==(rc = sqlite3_step(pStmt)) ){
     const char *zSubSql = (const char*)sqlite3_column_text(pStmt,0);
     assert( sqlite3_strnicmp(zSql,"SELECT",6)==0 );
-    assert( sqlite3_strnicmp(zSubSql,"SELECT",6)!=0 || CORRUPT_DB );
-    if( zSubSql && zSubSql[0]!='S' ){
+    /* The secondary SQL must be one of CREATE TABLE, CREATE INDEX,
+    ** or INSERT.  Historically there have been attacks that first
+    ** corrupt the sqlite_master.sql field with other kinds of statements
+    ** then run VACUUM to get those statements to execute at inappropriate
+    ** times. */
+    if( zSubSql
+     && (strncmp(zSubSql,"CRE",3)==0 || strncmp(zSubSql,"INS",3)==0)
+    ){
       rc = execSql(db, pzErrMsg, zSubSql);
       if( rc!=SQLITE_OK ) break;
     }
@@ -247,13 +253,13 @@ int sqlite3RunVacuum(char **pzErrMsg, sqlite3 *db, int iDb){
   rc = execSqlF(db, pzErrMsg,
       "SELECT sql FROM \"%w\".sqlite_master"
       " WHERE type='table'AND name<>'sqlite_sequence'"
-      " AND coalesce(rootpage,1)>0 AND sql LIKE 'CREATE%%'",
+      " AND coalesce(rootpage,1)>0",
       zDbMain
   );
   if( rc!=SQLITE_OK ) goto end_of_vacuum;
   rc = execSqlF(db, pzErrMsg,
       "SELECT sql FROM \"%w\".sqlite_master"
-      " WHERE type='index' AND length(sql)>10",
+      " WHERE type='index'",
       zDbMain
   );
   if( rc!=SQLITE_OK ) goto end_of_vacuum;
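Review bot: The comment added in the execSql hunk of src/vacuum.c says the secondary SQL must be CREATE TABLE, CREATE INDEX or INSERT, but the guard only compares the first three bytes, so any text beginning with `CRE` or `INS` — including a CREATE TRIGGER or CREATE VIEW body stored in a row whose type column says 'table' or 'index' — still reaches `execSql`. Because the two SELECTs in the sqlite3RunVacuum hunk now drop the `LIKE 'CREATE%%'` and `length(sql)>10` filters, this prefix test is the only remaining check on that text; whether such a row would already have been rejected during schema load is not visible in this diff. Either tighten the comparison to the full keyword pairs the comment names, or make the comment state what is actually enforced, e.g. `/* Only text whose first three bytes are "CRE" or "INS" is run; any other statement found in a corrupted sqlite_master.sql field is skipped. */`. strncmp is also case-sensitive, so the check presumably relies on SQLite always storing these statements with upper-case keywords — a one-line comment saying so would make that dependency explicit. execSql's body starts before and continues after the hunk.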