From: drh <> Date: Wed, 9 Mar 2022 12:20:40 +0000 (+0000) Subject: Improve the defenses against bad pathnames input into the findCreateFileMode() X-Git-Tag: version-3.39.0~323 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=577f0a1e454e7b5027ca1621c4501253457164bb;p=thirdparty%2Fsqlite.git Improve the defenses against bad pathnames input into the findCreateFileMode() function of os_unix.c in order to quiet static-analyzer warnings. There are no demonstrated problems in the prior code, but this change makes the code easier to prove correct and more robust against future changes. FossilOrigin-Name: a9cda38997a692e25d2fe994a9a3fb9472c00ba04323c82e706fdb1112d4244e --- diff --git a/manifest b/manifest index 0da165e6f9..46f9512989 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\sminor\stypo\sin\sa\scomment. -D 2022-03-08T15:49:17.727 +C Improve\sthe\sdefenses\sagainst\sbad\spathnames\sinput\sinto\sthe\sfindCreateFileMode()\nfunction\sof\sos_unix.c\sin\sorder\sto\squiet\sstatic-analyzer\swarnings.\s\sThere\nare\sno\sdemonstrated\sproblems\sin\sthe\sprior\scode,\sbut\sthis\schange\smakes\sthe\scode\neasier\sto\sprove\scorrect\sand\smore\srobust\sagainst\sfuture\schanges. +D 2022-03-09T12:20:40.382 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
@@ -536,7 +536,7 @@ F src/os.c b1c4f2d485961e9a5b6b648c36687d25047c252222e9660b7cc25a6e1ea436ab F src/os.h 26890f540b475598cd9881dcc68931377b8d429d3ea3e2eeb64470cde64199f8 F src/os_common.h b2f4707a603e36811d9b1a13278bffd757857b85 F src/os_setup.h 0dbaea40a7d36bf311613d31342e0b99e2536586 -F src/os_unix.c f5ad51cfd024116db8531feab9efd831c2621436dca1464e4ff1e8af9bf3252e +F src/os_unix.c f0dc85d439ece53120c4071c98876758ec24e6f713b67af3711af033c897091e F src/os_win.c 77d39873836f1831a9b0b91894fec45ab0e9ca8e067dc8c549e1d1eca1566fe9 F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a F src/pager.c 42120492784fc9bcd9082b5c9b5e329b7318c357f9f3574a1bbfcf7418910356 @@ -1944,8 +1944,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 5e30c6ea707f9d381127e8b2bb59e0b39bc00997da2c14d32a0e302d0121203b -R dd5da23e574023e92e905ca7b95262f2 +P cf61419f8816377f40ea032e1e3fb8b765ff7eb5b3a5ece8f7b59acffc5d3f05 +R 4636c384f511b3ce8faf4df959f18ada U drh -Z b1ecbf8808dd4301db6e0ee5abe242f9 +Z d8f9c4f94a9d430581376bee45736088 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index f58af3d910..a3f62c76e7 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -cf61419f8816377f40ea032e1e3fb8b765ff7eb5b3a5ece8f7b59acffc5d3f05 \ No newline at end of file +a9cda38997a692e25d2fe994a9a3fb9472c00ba04323c82e706fdb1112d4244e \ No newline at end of file diff --git a/src/os_unix.c b/src/os_unix.c index cd619f5c04..f4e5421469 100644 --- a/src/os_unix.c +++ b/src/os_unix.c 
@@ -6011,20 +6011,23 @@ static int findCreateFileMode(
 **
 ** where NN is a decimal number. The NN naming schemes are
 ** used by the test_multiplex.c module.
+ **
+ ** In normal operation, the journal file name will always contain
+ ** a '-' character. However in 8+3 filename mode, or if a corrupt
+ ** rollback journal specifies a super-journal with a goofy name, then
+ ** the '-' might be missing or the '-' might be the first character in
+ ** the filename. In that case, just return SQLITE_OK with *pMode==0.
 */
- nDb = sqlite3Strlen30(zPath) - 1;
- while( zPath[nDb]!='-' ){
- /* In normal operation, the journal file name will always contain
- ** a '-' character. However in 8+3 filename mode, or if a corrupt
- ** rollback journal specifies a super-journal with a goofy name, then
- ** the '-' might be missing. */
- if( nDb==0 || zPath[nDb]=='.' ) return SQLITE_OK;
+ nDb = sqlite3Strlen30(zPath) - 1;
+ while( nDb>0 && zPath[nDb]!='.' ){
+ if( zPath[nDb]=='-' ){
+ memcpy(zDb, zPath, nDb);
+ zDb[nDb] = '\0';
+ rc = getFileMode(zDb, pMode, pUid, pGid);
+ break;
+ }
 nDb--;
 }
- memcpy(zDb, zPath, nDb);
- zDb[nDb] = '\0';
-
- rc = getFileMode(zDb, pMode, pUid, pGid);
 }else if( flags & SQLITE_OPEN_DELETEONCLOSE ){
 *pMode = 0600;
 }else if( flags & SQLITE_OPEN_URI ){
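Review bot: The `memcpy(zDb, zPath, nDb)` inside the new loop still takes its length from the path alone, and nothing visible in the hunk ties nDb to the capacity of zDb, whose declaration lies outside the hunk along with the start and end of findCreateFileMode(). The new comment itself says the name can come from a corrupt rollback journal, so if zDb is a fixed-size local array the bound should be stated at the copy: `if( nDb>=(int)sizeof(zDb) ) break;` just before the memcpy, or at minimum `assert( nDb<(int)sizeof(zDb) );`. That is also the fact a static analyzer needs in order to prove the write and the `zDb[nDb] = '\0'` store are in range. Separately, the documented "return SQLITE_OK with *pMode==0" outcome now depends on rc and *pMode having been initialised before this branch, which the hunk does not show; a one-line comment at the loop such as `/* rc and *pMode keep their initial values if no '-' is found */` would protect that assumption against later edits.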