From: drh Date: Tue, 7 Jan 2020 18:10:56 +0000 (+0000) Subject: Enforce SQLITE_VTABRISK restrictions. X-Git-Tag: version-3.31.0~45^2~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3f68142b820d10f3b0b4b9df65e789f4058eb67d;p=thirdparty%2Fsqlite.git Enforce SQLITE_VTABRISK restrictions. FossilOrigin-Name: 3d87ff312e617a26846d482b423163cad9c222513f33e128f0fe348dda27c7c9 --- diff --git a/manifest b/manifest index 30adf0d294..168249e8ee 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Invert\sthe\sUNTRUSTED_SCHEMA\ssetting\sto\sbe\sTRUSTED_SCHEMA. -D 2020-01-07T16:09:11.843 +C Enforce\sSQLITE_VTABRISK\srestrictions. +D 2020-01-07T18:10:56.084 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -528,7 +528,7 @@ F src/printf.c 9be6945837c839ba57837b4bc3af349eba630920fa5532aa518816defe42a7d4 F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384 F src/resolve.c 894397f372b5c23fb68e0c534d3682f45285f228bb335d713344a7ed37f0ba45 F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93 -F src/select.c 80d1aac7017824b803c8e6bdb75f699e11aef22e02d29d206a523d8a3dcf2a13 +F src/select.c a2be95ccf2f9f98ce3a0b5a0f15200908de4e156802098fedff4f780f04c8b6d F src/shell.c.in 43d3cfbee97d78ca5782dc53e4c1e22d3cc15c91beff20889dc60551f47eab9f F src/sqlite.h.in 972e3473e096cd322abe136caa5cc443c94a93a984030aa07824f0410667d04b F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 @@ -1853,7 +1853,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 5dfa33a09e608d26549e46c58a5563754688af68fa99415f9a548e91f81aca7c -R a21ed46e9ca0e50811978a859d8bcb1e +P f5fcf1fbc6473f8e91315b14d67745f2748010641b7463d1f4ca51e6fdf97462 +R 46209d5a1d64e52999e7462bf5830187 U drh -Z 4afc7b0d302d12e9a276c855c439b690 +Z 6fc5982c5d29c856ec36714597408f55 diff --git a/manifest.uuid b/manifest.uuid index d1429eed65..1471672163 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -f5fcf1fbc6473f8e91315b14d67745f2748010641b7463d1f4ca51e6fdf97462 \ No newline at end of file +3d87ff312e617a26846d482b423163cad9c222513f33e128f0fe348dda27c7c9 \ No newline at end of file diff --git a/src/select.c b/src/select.c index d45735b0ed..d6cd7c25ec 100644 --- a/src/select.c +++ b/src/select.c @@ -4964,7 +4964,15 @@ static int selectExpander(Walker *pWalker, Select *p){ assert( pFrom->pSelect==0 ); if( pTab->pSelect && (db->flags & SQLITE_EnableView)==0 ){ sqlite3ErrorMsg(pParse, "access to view \"%s\" prohibited", - pTab->zName); + pTab->zName); + } + if( IsVirtual(pTab) + && pFrom->fg.fromDDL + && ALWAYS(pTab->pVTable!=0) + && pTab->pVTable->eVtabRisk > ((db->flags & SQLITE_TrustedSchema)!=0) + ){ + sqlite3ErrorMsg(pParse, "cannot access \"%s\" from within a trigger" + " or view", pTab->zName); } pFrom->pSelect = sqlite3SelectDup(db, pTab->pSelect, 0); nCol = pTab->nCol;