From: dan
Date: Tue, 24 Nov 2020 16:44:09 +0000 (+0000)
Subject: Ensure that super-journal and other journal filenames passed by SQLite to an sqlite3_...
X-Git-Tag: version-3.34.0~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2e3cb1382f521e0bf04ed10c0d526cf09f0eff81;p=thirdparty%2Fsqlite.git
Ensure that super-journal and other journal filenames passed by SQLite to an sqlite3_vfs.xOpen() implementation may be safely passed to sqlite3_uri_parameter() and similar functions.
FossilOrigin-Name: 6a28713d59cde0882c3508160347c2ea18c7c4e9bfd1b053103af2d5e12a144c
---
diff --git a/manifest b/manifest
index 6befb23fd8..b09ea33aa2 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Remove\sthe\sVERSION_NUMBER\smacro\sfrom\sconfigure.ac\sas\sit\shas\sbeen\sunused\nsince\s2009\scheck-in\s[7f4810747b086498].\s\sSee\salso\n[forum:/forumpost/bb2c634fcd|forum\spost\sbb2c634fcd]. -D 2020-11-24T13:14:15.912 +C Ensure\sthat\ssuper-journal\sand\sother\sjournal\sfilenames\spassed\sby\sSQLite\sto\san\ssqlite3_vfs.xOpen()\simplementation\smay\sbe\ssafely\spassed\sto\ssqlite3_uri_parameter()\sand\ssimilar\sfunctions. +D 2020-11-24T16:44:09.691 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -526,7 +526,7 @@ F src/os_setup.h 0dbaea40a7d36bf311613d31342e0b99e2536586 F src/os_unix.c adbbcea4c63d3b400d405f60a5da4c01433753ec4a12e2dc695beb2bbd671fe9 F src/os_win.c 77d39873836f1831a9b0b91894fec45ab0e9ca8e067dc8c549e1d1eca1566fe9 F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a -F src/pager.c 3700a1c55427a3d4168ad1f1b8a8b0cb9ace1d107e4506e30a8f1e66d8a1195e +F src/pager.c abad00616c86498159e817f44eb8d459d81ce9f2c3c9e38adfd7d354aa521df7 F src/pager.h 4bf9b3213a4b2bebbced5eaa8b219cf25d4a82f385d093cd64b7e93e5285f66f F src/parse.y 9ce4dfb772608ed5bd3c32f33e943e021e3b06cfd2c01932d4280888fdd2ebed F src/pcache.c 385ff064bca69789d199a98e2169445dc16e4291fa807babd61d4890c3b34177
@@ -1886,7 +1886,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 4f1573b146193e5d552981a9d1d11e50da4da4a843f790e4af1cf0cc19a0b020 -R ee9c2fcf93cfb72a42ce6077b49b4f8c -U drh -Z f6a9d9cdd431b472fbbcfa7c1c30b581 +P 5466dd55d4aa15fd96f00b6e205dfb868879357a476df7ffd29b97bb570629a5 +R 32be1cbc6f93fed343ef5cfb6f785cd6 +U dan +Z edd6dd37f1d36c213572a037d65e2e50
diff --git a/manifest.uuid b/manifest.uuid
index 3c80e5e305..f3a4bc0f31 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@ -5466dd55d4aa15fd96f00b6e205dfb868879357a476df7ffd29b97bb570629a5 \ No newline at end of file +6a28713d59cde0882c3508160347c2ea18c7c4e9bfd1b053103af2d5e12a144c \ No newline at end of file
diff --git a/src/pager.c b/src/pager.c
index 005d678f94..dbbcc4a258 100644
--- a/src/pager.c
+++ b/src/pager.c
@@ -2486,6 +2486,7 @@ static int pager_delsuper(Pager *pPager, const char *zSuper){
 i64 nSuperJournal; /* Size of super-journal file */
 char *zJournal; /* Pointer to one journal within MJ file */
 char *zSuperPtr; /* Space to hold super-journal filename */
+ char *zFree = 0; /* Free this buffer */
 int nSuperPtr; /* Amount of space allocated to zSuperPtr[] */
 /* Allocate space for both the pJournal and pSuper file descriptors.
@@ -2510,7 +2511,9 @@ static int pager_delsuper(Pager *pPager, const char *zSuper){
 rc = sqlite3OsFileSize(pSuper, &nSuperJournal);
 if( rc!=SQLITE_OK ) goto delsuper_out;
 nSuperPtr = pVfs->mxPathname+1;
- zSuperJournal = sqlite3Malloc(nSuperJournal + nSuperPtr + 2);
+ zFree = sqlite3Malloc(4 + nSuperJournal + nSuperPtr + 2);
+ zFree[0] = zFree[1] = zFree[2] = zFree[3] = 0;
+ zSuperJournal = &zFree[4];
 if( !zSuperJournal ){
 rc = SQLITE_NOMEM_BKPT;
 goto delsuper_out;
@@ -2562,7 +2565,7 @@ static int pager_delsuper(Pager *pPager, const char *zSuper){
 rc = sqlite3OsDelete(pVfs, zSuper, 0);
 delsuper_out:
- sqlite3_free(zSuperJournal);
+ sqlite3_free(zFree);
 if( pSuper ){
 sqlite3OsClose(pSuper);
 assert( !isOpen(pJournal) );
@@ -2900,7 +2903,11 @@ end_playback:
 pPager->changeCountDone = pPager->tempFile;
 if( rc==SQLITE_OK ){
- zSuper = pPager->pTmpSpace;
+ /* Leave 4 bytes of space before the super-journal filename in memory.
+ ** This is because it may end up being passed to sqlite3OsOpen(), in
+ ** which case it requires 4 0x00 bytes in memory immediately before
+ ** the filename. */
+ zSuper = &pPager->pTmpSpace[4];
 rc = readSuperJournal(pPager->jfd, zSuper, pPager->pVfs->mxPathname+1);
 testcase( rc!=SQLITE_OK );
 }
@@ -2917,6 +2924,8 @@ end_playback:
 /* If there was a super-journal and this routine will return success,
 ** see if it is possible to delete the super-journal. */
+ assert( zSuper==&pPager->pTmpSpace[4] );
+ memset(&zSuper[-4], 0, 4);
 rc = pager_delsuper(pPager, zSuper);
 testcase( rc!=SQLITE_OK );
 }
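Review bot: In the second pager_delsuper hunk (`@@ -2510,7 +2511,9 @@`), `zFree[0] = zFree[1] = zFree[2] = zFree[3] = 0;` writes through the result of sqlite3Malloc() before anything has tested it, so an allocation failure becomes a NULL-pointer write instead of an SQLITE_NOMEM return. The retained `if( !zSuperJournal )` test cannot catch it, because `&zFree[4]` is never a null pointer once the offset has been applied. The check should move to the allocation itself, `if( !zFree ){ rc = SQLITE_NOMEM_BKPT; goto delsuper_out; }`, placed directly after the sqlite3Malloc() call and before the zeroing and `zSuperJournal = &zFree[4];`. The requested size includes nSuperJournal, which the hunk shows is taken from sqlite3OsFileSize(), so the failure path may be easier to reach with a large super-journal file than with an ordinary small allocation. The rest of pager_delsuper lies outside the hunk.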
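Review bot: In the first end_playback hunk (`@@ -2900,7 +2903,11 @@`), the destination now starts 4 bytes into pTmpSpace while readSuperJournal() is still told the buffer holds `pPager->pVfs->mxPathname+1` bytes, so the scratch buffer has to be at least mxPathname+5 bytes long for the bound to remain valid. The allocation of pTmpSpace is not part of this diff, so whether that holds for every page size and VFS cannot be confirmed from here. I would record the requirement in the new comment, for example by adding `** pTmpSpace must therefore be at least mxPathname+5 bytes.`, and confirm it against the code that sizes pTmpSpace. The enclosing function begins and ends outside the hunk.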
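Review bot: In the last hunk (`@@ -2917,6 +2924,8 @@`), `memset(&zSuper[-4], 0, 4);` clears the prefix through a negative index whose validity rests only on the assert() above it, which may compile to nothing in release builds. Since the assert already states that zSuper is `&pPager->pTmpSpace[4]`, writing `memset(pPager->pTmpSpace, 0, 4);` names the bytes being cleared directly and does not depend on that relationship. The hunk also does not say why the prefix is zeroed here rather than where zSuper is assigned; a one-line comment such as `/* pTmpSpace may have been reused since zSuper was read; re-zero the 4-byte prefix */` would help, if that is indeed the reason. The enclosing `if` starts outside the hunk.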