From: drh <>
Date: Mon, 26 Dec 2022 15:44:50 +0000 (+0000)
Subject: Fix safe mode authorizer callback to reject disallowed UDFs. Reported at [forum:... 
X-Git-Tag: version-3.40.1~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=57d4d2f9843b7240f6ce50eec7328b26deb22d19;p=thirdparty%2Fsqlite.git

Fix safe mode authorizer callback to reject disallowed UDFs. Reported at [forum:/forumpost/07beac8056151b2f|Forum post 07beac8056151b2f].

FossilOrigin-Name: 70964b8a1cfe8e47bac399db840afda9c35e36d62f1933744f49011e94a2343e
---

diff --git a/manifest b/manifest
index 54eb8a7337..3a5aec83e2 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\san\sinfinite\sloop\sin\sthe\sMEMSYS5\sauxiliary\smemory\sallocator\sthat\soccurs\nfor\smemory\sallocations\sbetween\s1GiB\sand\s2GiB\sin\ssize.\s\sError\sintroduced\nby\scheck-in\s[949133231f8f751a].\s\sThe\sproblem\sonly\saffects\sbuilds\sthat\ninclude\sthe\sSQLITE_ENABLE_MEMSYS5\scompile-time\soption.
-D 2022-12-26T15:21:42.738
+C Fix\ssafe\smode\sauthorizer\scallback\sto\sreject\sdisallowed\sUDFs.\sReported\sat\s[forum:/forumpost/07beac8056151b2f|Forum\spost\s07beac8056151b2f].
+D 2022-12-26T15:44:50.150
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -638,7 +638,7 @@ F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c
 F src/resolve.c efea4e5fbecfd6d0a9071b0be0d952620991673391b6ffaaf4c277b0bb674633
 F src/rowset.c ba9515a922af32abe1f7d39406b9d35730ed65efab9443dc5702693b60854c92
 F src/select.c 9886d6669f5787471aab6ae52af76fad90b53edb1c218fc9ed9d953363bc5184
-F src/shell.c.in 743949ff5c7efe0fc9960d59e32b206ecc6c7079df01faf3e5f44b55c128f2e2
+F src/shell.c.in f2736e84caf751e94477776df8ab0e4ebc8311de00594d997abd81533debc85c
 F src/sqlite.h.in bdb10b78166f5b735318667eb16c84ac90d9e0de88cc25c193eeb4379a126945
 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
 F src/sqlite3ext.h c4b9fa7a7e2bcdf850cfeb4b8a91d5ec47b7a00033bc996fd2ee96cbf2741f5f
@@ -1491,7 +1491,7 @@ F test/sharedB.test 1a84863d7a2204e0d42f2e1606577c5e92e4473fa37ea0f5bdf829e4bf8e
 F test/shared_err.test 32634e404a3317eeb94abc7a099c556a346fdb8fb3858dbe222a4cbb8926a939
 F test/sharedlock.test 5ede3c37439067c43b0198f580fd374ebf15d304
 F test/shell1.test e4b4de56f454708e0747b52915135baa2cbfec4965406d6eaf02a4a5c22a9880
-F test/shell2.test c536c2aab4852608f8a606262330797abc4d964a4c2c782a7760f54ea1f17a6a
+F test/shell2.test 1190b951373fdfe719bc6ac16962bc743dfa4355db8ae546c0bb9bf559a28d4a
 F test/shell3.test 91febeac0412812bf6370abb8ed72700e32bf8f9878849414518f662dfd55e8a
 F test/shell4.test 7dc8a515705bc093d8ffe381670e8fa7a969661e8ed177c35c847e3c6dfc35e2
 F test/shell5.test c8b6c54f26ec537f8558273d7ed293ca3725ef42e6b12b8f151718628bd1473b
@@ -2055,9 +2055,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P d18cce37b5b73bb2a4f28eb1b55eb2c3ffe1fc23c921c13170af3d74a549f48e
-Q +8da0f0c38a458c57f979d59b49cf4804ef81fc2eccabde1f166bab24dd1dabea
-R 2c5b08ba1e22dd61038e8865cc6e3975
+P c10d40ca683941be71f3be59b4251cf326a90a24e893169c744ade944dce3ee0
+Q +cefc032473ac5ad244c0b6402c541b2f76c0c65a041bda03bfbe7c0e2c11fac2
+R c362cdf9beffff40e0a5f53d15c2cc7b
 U drh
-Z f8e2b7b61dcdda51d9c96216eeaf6f7d
+Z 698d6f848930185c92364e8b88cfbb5f
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 045fb949b0..b1ecd93fff 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-c10d40ca683941be71f3be59b4251cf326a90a24e893169c744ade944dce3ee0
\ No newline at end of file
+70964b8a1cfe8e47bac399db840afda9c35e36d62f1933744f49011e94a2343e
\ No newline at end of file
diff --git a/src/shell.c.in b/src/shell.c.in
index e7a7ba36c8..2b4cede764 100644
--- a/src/shell.c.in
+++ b/src/shell.c.in
@@ -1875,7 +1875,7 @@ static int safeModeAuth(
     "zipfile",
     "zipfile_cds",
   };
-  UNUSED_PARAMETER(zA2);
+  UNUSED_PARAMETER(zA1);
   UNUSED_PARAMETER(zA3);
   UNUSED_PARAMETER(zA4);
   switch( op ){
@@ -1890,7 +1890,7 @@ static int safeModeAuth(
     case SQLITE_FUNCTION: {
       int i;
       for(i=0; i<ArraySize(azProhibitedFunctions); i++){
-        if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
+        if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
           failIfSafeMode(p, "cannot use the %s() function in safe mode",
                          azProhibitedFunctions[i]);
         }
diff --git a/test/shell2.test b/test/shell2.test
index 2237404e5a..6b5c2bc105 100644
--- a/test/shell2.test
+++ b/test/shell2.test
@@ -191,4 +191,16 @@ do_test shell2-1.4.7 {
   SELECT 'unclosed;
          ^--- error here}}
 
+# Verify that safe mode rejects certain UDFs
+# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
+do_test shell2-1.4.8 {
+  catchcmd "-safe :memory:" {
+ SELECT edit('DoNotCare');}
+} {1 {line 2: cannot use the edit() function in safe mode}}
+do_test shell2-1.4.9 {
+  catchcmd "-safe :memory:" {
+ SELECT writefile('DoNotCare', x'');}
+} {1 {line 2: cannot use the writefile() function in safe mode}}
+
+
 finish_test