-C Change\sthe\sSQLAR\sarchive\sextraction\salgorithm\sin\sthe\sCLI\sso\sthat\sit\nuses\sthe\snewly\senhanced\srealpath()\sSQL\sfunction\sto\sguard\sagainst\nattacks\sthat\suse\ssymlinks\sto\stry\sto\swrite\sfiles\soutside\sof\sthe\ndestination\sdirectory.\n[forum:/forumpost/641b09daa17d9086|Forum\spost\s641b09daa17d9086].
-D 2026-02-23T12:19:05.604
+C Add\stest\scases\sfor\sthe\ssymlink\sdefenses\sof\sthe\sprevious\scheck-in.
+D 2026-02-23T13:29:29.514
F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F test/shell5.test a9cd2c8b62e125049ef500937674f47dd6787f0157ac0515aa554044a4dc3ea9
F test/shell6.test e3b883b61d4916b6906678a35f9d19054861123ad91b856461e0a456273bdbb8
F test/shell7.test 43fd8e511c533bab5232e95c7b4be93b243451709e89582600d4b6e67693d5c3
-F test/shell8.test 641cf21a99c59404c24e3062923734951c4099a6b6b6520de00cf7a1249ee871
+F test/shell8.test fc3b6ca51ffba9b4b658d4c65a07b50338a2b592a276a66b8464be448d0f5e30
F test/shell9.test 8742a5b390cdcef6369f5aa223e415aa4255a4129ef249b177887dc635a87209
F test/shellA.test 05cdaafa1f79913654487ce3aefa038d4106245d58f52e02faf506140a76d480
F test/shellB.test b2afd5c28aba750c066996a082210d6a4fcab8fd042cad076d9c1023164af9b1
F tool/warnings.sh d924598cf2f55a4ecbc2aeb055c10bd5f48114793e7ba25f9585435da29e7e98
F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 27a5735fb1e194d763ab9fdb933fad4f694fb2f8ad19205d17ac81caebd82548
-R 5f3ef586ef29ee2dd47a3c1f07f1d05a
+P 7cced53e8c508fbf1816162c5358c77a712f76a38fd18f07171efc3c028a3c57
+R 759eaf7b561ab385ab020df9b6f9eba9
U drh
-Z 1ae541096a3f2b3c5c84a58179012397
+Z 1cdbe80a45cdf36eafc051b6689caa6d
# Remove this line to create a well-formed Fossil manifest.
-7cced53e8c508fbf1816162c5358c77a712f76a38fd18f07171efc3c028a3c57
+5da9bf09cc00faf98cc515fb5a10a0af325b8f7608893808d031dfef62380be2
do_test 3.3 {
catchcmd shell8.db {.ar -x}
} {0 {}}
+
+ # Test defenses against using symlinks to write outside
+ # of the destination directory. See forum thread at
+ # sqlite.org/forum/forumpost/2026-02-21T11:04:36z
+ #
+ forcedelete shell8.db
+ forcedelete ar1
+ forcedelete ar2
+ forcedelete ar3
+ file mkdir ar2
+ file mkdir ar3
+ set pwd [pwd]
+ sqlite3 db shell8.db
+ db eval {
+ CREATE TABLE sqlar(
+ name TEXT PRIMARY KEY, -- name of the file
+ mode INT, -- access permissions
+ mtime INT, -- last modification time
+ sz INT, -- original file size
+ data BLOB -- compressed content
+ );
+ INSERT INTO sqlar VALUES
+ ('abc',33188,0,-1,'content for abc'),
+ ('escape',40960,0,-1,$pwd||'/ar3'),
+ ('escape/def',33188,0,-1,'content for escape/def'),
+ ('ghi',33188,0,-1,'content for ghi');
+ }
+ do_test 3.4.1 {
+ catchcmd shell8.db {.ar -x --directory ar2}
+ lsort [glob -tails -directory ar2 *]
+ } {abc escape ghi}
+ do_test 3.4.2 {
+ lsort [glob -tails -directory ar3 *]
+ } {}
+ # ^^--- An extraction into ar2 should not leak any files into ar3
+
+ forcedelete shell8.db
+ forcedelete ar2
+ forcedelete ar3
+
}
finish_test
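Review bot: Test 3.4.2 expects `glob -tails -directory ar3 *` to match nothing, but on Tcl 8.x `glob` raises an error when no file matches unless `-nocomplain` is given, so the test would fail exactly when the symlink defense works; write it as `lsort [glob -nocomplain -tails -directory ar3 *]`. Test 3.4.1 discards the `catchcmd` result, so it does not pin whether `.ar -x` reports the refused `escape/def` entry as an error or skips it silently; asserting that result would document the intended behaviour. The fixture covers only a symlink entry with an absolute target (`$pwd||'/ar3'`), so a second case with a relative target would confirm the realpath() check is not tied to one path form. The block closed by the `}` just before `finish_test` opens outside the hunk, so it is not visible whether these cases are restricted to platforms that support symlinks.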