From: drh <> Date: Wed, 6 Sep 2023 17:07:53 +0000 (+0000) Subject: Add documentation to sqlite3_get/set_clientdata() to make it clear that these X-Git-Tag: version-3.44.0~217^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=93b461ff001f777b6367773c14744ec8f1ba3cca;p=thirdparty%2Fsqlite.git Add documentation to sqlite3_get/set_clientdata() to make it clear that these are security-sensitive interfaces that should not be exposed to potential attackers. FossilOrigin-Name: 2837061d66672a0a73c3fd2ff35ce0e1a66ee6d5365be25d4cc0ccba170c3665 --- diff --git a/manifest b/manifest index 9d593d485e..588e3f5615 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Optimize\ssqlite3_get/set_clientdata()\sfor\sthe\spresumably\scommon\scase\sof\sa\sstatic\sstring\spointer. -D 2023-09-02T08:04:56.497 +C Add\sdocumentation\sto\ssqlite3_get/set_clientdata()\sto\smake\sit\sclear\sthat\sthese\nare\ssecurity-sensitive\sinterfaces\sthat\sshould\snot\sbe\sexposed\sto\spotential\nattackers. +D 2023-09-06T17:07:53.343 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
@@ -707,7 +707,7 @@ F src/resolve.c 37953a5f36c60bea413c3c04efcd433b6177009f508ef2ace0494728912fe2e9 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97 F src/select.c 5f545a2c8702d4d3430bbb188cfec47d6c122d899061ef00cbe56af14591c574 F src/shell.c.in 2f9be25294b68b07e7e81f0adcec4475aba6011b64f160e414efe226910c4d7b -F src/sqlite.h.in 7dbea32976fb18740214edc314253c902e127dac7645a705e566644ed4aa5ef5 +F src/sqlite.h.in 1683783c7639ac73378d1a705be6faf115c374c6c3c102412642d43c9eaed74d F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 F src/sqlite3ext.h 2f30b2671f4c03cd27a43f039e11251391066c97d11385f5f963bb40b03038ac F src/sqliteInt.h 985a09af9a8ce7862318ff77550b9b172e684b5a10e55dd96796e08e48f6dbca @@ -2115,8 +2115,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 443ea20ddb0f3bf5d77ef59cd4678f0e32d7da328002bb44d6fc080a53a37e29 -R 296f08550097c4b7507cdcac1545a235 -U stephan -Z 18c0164302708bbf7ef418d7eac59c3e +P 84e38341aeab4fd51690e8536d0101d00e3fb11cc50ebcff05ed219c98328872 +R ba107aa1186f8a45aa47c9a536cfe51b +U drh +Z 0b41bcf28b9ce0b44f7baeffddd8bf46 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 9e693a411a..ce51826a55 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -84e38341aeab4fd51690e8536d0101d00e3fb11cc50ebcff05ed219c98328872 \ No newline at end of file +2837061d66672a0a73c3fd2ff35ce0e1a66ee6d5365be25d4cc0ccba170c3665 \ No newline at end of file diff --git a/src/sqlite.h.in b/src/sqlite.h.in index dd1685db89..43f45555e0 100644 --- a/src/sqlite.h.in +++ b/src/sqlite.h.in 
@@ -5975,11 +5975,16 @@ void sqlite3_set_auxdata(sqlite3_context*, int N, void*, void (*)(void*)); ** Applications and wrapper libraries are discouraged from using more than ** one client data name each. ** -** There is (currently) no way to enumerate the client data pointers +** There is no way to enumerate the client data pointers ** associated with a database connection. The N parameter can be thought ** of as a secret key such that only code that knows the secret key is able ** to access the associated data. ** +** Security Warning: These interfaces should not be exposed in scripting +** languages or in other circumstances where it might be possible for an +** an attacker to invoke them. Any agent that can invoke these interfaces +** can probably also take control of the process. +** ** Database connection client data is only available for SQLite ** version 3.44.0 ([dateof:3.44.0]) and later. **
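Review bot: The added Security Warning in src/sqlite.h.in repeats a word across its second and third lines ("where it might be possible for an" followed by "an attacker to invoke them"); drop one "an". The warning also states that any agent able to invoke these interfaces "can probably also take control of the process" without saying why, so a sentence naming the mechanism would help authors of wrapper libraries and language bindings decide what they must not expose. Separately, the paragraph just above still describes the N parameter as "a secret key", and with "(currently)" removed that now reads as a permanent guarantee. Consider stating there that the name is only a lookup convention and not a security boundary against code that is able to call these interfaces, so the two paragraphs do not appear to pull in different directions.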