From: dan Date: Tue, 30 Jan 2018 14:07:55 +0000 (+0000) Subject: Prevent users from creating zipfile() virtual tables without an argument. X-Git-Tag: version-3.23.0~169 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fdcd9d4e6c4a08855660df26b84139105f863df3;p=thirdparty%2Fsqlite.git Prevent users from creating zipfile() virtual tables without an argument. FossilOrigin-Name: 81fdbe0cc5a360f818078d47a5888d0a29d555927da279a9a0213702d74ef09a
---
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index f325868149..247d0b7355 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -318,6 +318,21 @@ static int zipfileConnect(
 ZipfileTab *pNew = 0;
 int rc;
+ /* If the table name is not "zipfile", require that the argument be
+ ** specified. This stops zipfile tables from being created as:
+ **
+ ** CREATE VIRTUAL TABLE zzz USING zipfile();
+ **
+ ** It does not prevent:
+ **
+ ** CREATE VIRTUAL TABLE zipfile USING zipfile();
+ */
+ assert( 0==sqlite3_stricmp(argv[0], "zipfile") );
+ if( (0!=sqlite3_stricmp(argv[2], "zipfile") && argc<4) || argc>4 ){
+ *pzErr = sqlite3_mprintf("zipfile constructor requires one argument");
+ return SQLITE_ERROR;
+ }
+
 if( argc>3 ){
 zFile = argv[3];
 nFile = (int)strlen(zFile)+1;
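Review bot: The exemption in the new guard is decided by the table name (`argv[2]`) alone, so, as the added comment concedes, `CREATE VIRTUAL TABLE zipfile USING zipfile();` still produces a table for which the `if( argc>3 )` branch below never sets `zFile`. The rest of zipfileConnect and the write path lie outside this hunk, so whether every later use tolerates a missing file name for such a table cannot be confirmed here and is worth checking. The comment also leaves out that `argc>4` is rejected whatever the table is called, and it never says what the indices mean; I would add `** argv[0] is the module name, argv[2] the table name, argv[3] the file argument.` and `** More than one argument is always an error.`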
@@ -1725,72 +1740,6 @@ static void zipfileFunctionCds(
 }
 }
-static void zipfileFunctionBlob(
- sqlite3_context *context,
- int argc,
- sqlite3_value **argv
-){
- ZipfileCsr *pCsr;
- ZipfileTab *pTab = (ZipfileTab*)sqlite3_user_data(context);
- ZipfileEntry *p;
- int nBody = 0;
- int nCds = 0;
- int nEocd = ZIPFILE_EOCD_FIXED_SZ;
- ZipfileEOCD eocd;
-
- u8 *aZip;
- int nZip;
-
- u8 *aBody;
- u8 *aCds;
-
- pCsr = zipfileFindCursor(pTab, sqlite3_value_int64(argv[0]));
- if( pCsr->pFile || pTab->zFile ){
- sqlite3_result_error(context, "illegal use of zipfile_blob()", -1);
- return;
- }
-
- /* Figure out how large the final file will be */
- for(p=pTab->pFirstEntry; p; p=p->pNext){
- nBody += ZIPFILE_LFH_FIXED_SZ + p->cds.nFile + 9 + p->cds.szCompressed;
- nCds += ZIPFILE_CDS_FIXED_SZ + p->cds.nFile + 9;
- }
-
- /* Allocate space to create the serialized file */
- nZip = nBody + nCds + nEocd;
- aZip = (u8*)sqlite3_malloc(nZip);
- if( aZip==0 ){
- sqlite3_result_error_nomem(context);
- return;
- }
- aBody = aZip;
- aCds = &aZip[nBody];
-
- /* Populate the body and CDS */
- memset(&eocd, 0, sizeof(eocd));
- for(p=pTab->pFirstEntry; p; p=p->pNext){
- p->cds.iOffset = (aBody - aZip);
- aBody += zipfileSerializeLFH(p, aBody);
- if( p->cds.szCompressed ){
- memcpy(aBody, p->aData, p->cds.szCompressed);
- aBody += p->cds.szCompressed;
- }
- aCds += zipfileSerializeCDS(p, aCds);
- eocd.nEntry++;
- }
-
- /* Append the EOCD record */
- assert( aBody==&aZip[nBody] );
- assert( aCds==&aZip[nBody+nCds] );
- eocd.nEntryTotal = eocd.nEntry;
- eocd.nSize = nCds;
- eocd.iOffset = nBody;
- zipfileSerializeEOCD(&eocd, aCds);
-
- sqlite3_result_blob(context, aZip, nZip, zipfileFree);
-}
-
-
 /*
 ** xFindFunction method.
 */
@@ -1807,11 +1756,6 @@ static int zipfileFindFunction(
 *ppArg = (void*)pVtab;
 return 1;
 }
- if( sqlite3_stricmp("zipfile_blob", zName)==0 ){
- *pxFunc = zipfileFunctionBlob;
- *ppArg = (void*)pVtab;
- return 1;
- }
 }
 return 0;
@@ -2091,7 +2035,6 @@ static int zipfileRegister(sqlite3 *db){
 int rc = sqlite3_create_module(db, "zipfile" , &zipfileModule, 0);
 if( rc==SQLITE_OK ) rc = sqlite3_overload_function(db, "zipfile_cds", -1);
- if( rc==SQLITE_OK ) rc = sqlite3_overload_function(db, "zipfile_blob", -1);
 if( rc==SQLITE_OK ){
 rc = sqlite3_create_function(db, "zipfile", -1, SQLITE_UTF8, 0, 0, zipfileStep, zipfileFinal
diff --git a/manifest b/manifest
index 0b73afb532..f52d1dd656 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Add\sunix-only\stests\sto\scheck\sthat\sthe\s"unzip"\sprogram\scan\sunpack\sarchives\ngenerated\sby\sthe\szipfile\sextension. -D 2018-01-29T19:47:32.262 +C Prevent\susers\sfrom\screating\szipfile()\svirtual\stables\swithout\san\sargument. +D 2018-01-30T14:07:55.726 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in 7a3f714b4fcf793108042b7b0a5c720b0b310ec84314d61ba7f3f49f27e550ea
@@ -304,7 +304,7 @@ F ext/misc/vfsstat.c bf10ef0bc51e1ad6756629e1edb142f7a8db1178 F ext/misc/vtablog.c 31d0d8f4406795679dcd3a67917c213d3a2a5fb3ea5de35f6e773491ed7e13c9 F ext/misc/vtshim.c 1976e6dd68dd0d64508c91a6dfab8e75f8aaf6cd F ext/misc/wholenumber.c 784b12543d60702ebdd47da936e278aa03076212 -F ext/misc/zipfile.c 73d932caf69fea8ba42b58ce2cea0fbea2c126a355498fd215008f61651ec661 +F ext/misc/zipfile.c ead25f062cee790b7c764ce8d2c6ad32a7ac82fc31ea80f69be99948f96f2d19 F ext/rbu/rbu.c ea7d1b7eb44c123a2a619332e19fe5313500705c4a58aaa1887905c0d83ffc2e F ext/rbu/rbu1.test 43836fac8c7179a358eaf38a8a1ef3d6e6285842 F ext/rbu/rbu10.test 1846519a438697f45e9dcb246908af81b551c29e1078d0304fae83f1fed7e9ee
@@ -1603,7 +1603,7 @@ F test/wordcount.c cb589cec469a1d90add05b1f8cee75c7210338d87a5afd65260ed5c0f4bbf F test/writecrash.test f1da7f7adfe8d7f09ea79b42e5ca6dcc41102f27f8e334ad71539501ddd910cc F test/zeroblob.test 3857870fe681b8185654414a9bccfde80b62a0fa F test/zerodamage.test 9c41628db7e8d9e8a0181e59ea5f189df311a9f6ce99cc376dc461f66db6f8dc -F test/zipfile.test c40ae3a5d3fd0a31a8c6bdae1dbef55dd7140acb0d3b316c8edb744085ea6134 +F test/zipfile.test 368a5a0c97be0caaf8c3efa8293bfe18436d546805678fa00b6aa81bc98727ec F tool/GetFile.cs a15e08acb5dd7539b75ba23501581d7c2b462cb5 F tool/GetTclKit.bat 8995df40c4209808b31f24de0b58f90930239a234f7591e3675d45bfbb990c5d F tool/Replace.cs 02c67258801c2fb5f63231e0ac0f220b4b36ba91
@@ -1702,7 +1702,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P e364eeac76a8225146b37d801bc6cabe03e9abede5a1412ebe9d94a32d8838cc -R 78b9ab6ccbbf51cef503aff35913fad6 +P 438c5c5237a801ae78809bf324bb9251fb50250addfc1f8e36659442b0e26ab6 +R 0f8eb13d715c2195926ed8684b288375 U dan -Z 634d51e6967cb83c15fce21d55a23989 +Z 6708ef6af1eb582ebfe61496df2754b7
diff --git a/manifest.uuid b/manifest.uuid
index 63ba75784e..2d66824214 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@ -438c5c5237a801ae78809bf324bb9251fb50250addfc1f8e36659442b0e26ab6 \ No newline at end of file +81fdbe0cc5a360f818078d47a5888d0a29d555927da279a9a0213702d74ef09a \ No newline at end of file
diff --git a/test/zipfile.test b/test/zipfile.test
index d43e685e15..76e7d924df 100644
--- a/test/zipfile.test
+++ b/test/zipfile.test
@@ -358,24 +358,14 @@ do_catchsql_test 3.2 {
 } {1 {no such column: rowid}}
 #-------------------------------------------------------------------------
-reset_db
-forcedelete test.zip
-load_static_extension db zipfile
-
-do_execsql_test 4.0 {
- CREATE VIRTUAL TABLE x2 USING zipfile();
- INSERT INTO x2(name, data) VALUES('dir1/', NULL);
- INSERT INTO x2(name, data) VALUES('file1', '1234');
- INSERT INTO x2(name, data) VALUES('dir1/file2', '5678');
- SELECT name, data FROM x2
-} {
- dir1/ {} file1 1234 dir1/file2 5678
-}
-
-do_test 4.1 {
- set data [db one {SELECT zipfile_blob(z) FROM x2 LIMIT 1}]
- db eval { SELECT name, data FROM zipfile($data) }
-} {dir1/ {} file1 1234 dir1/file2 5678}
+# Test some error conditions.
+#
+do_catchsql_test 4.1 {
+ CREATE VIRTUAL TABLE yyy USING zipfile();
+} {1 {zipfile constructor requires one argument}}
+do_catchsql_test 4.2 {
+ CREATE VIRTUAL TABLE yyy USING zipfile('test.zip', 'test.zip');
+} {1 {zipfile constructor requires one argument}}