From: drh Date: Fri, 13 Jan 2006 13:55:44 +0000 (+0000) Subject: Make sure the authenticator does not try to authenticate columns in X-Git-Tag: version-3.6.10~3228 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a3e4d96f5d96e873ae916ef4e70f78a0a5a94cb1;p=thirdparty%2Fsqlite.git Make sure the authenticator does not try to authenticate columns in subqueries. Ticket #1607. (CVS 2939) FossilOrigin-Name: 55b7dfaf4d3a6d01fffdaf1707e88bcd215d7333 --- diff --git a/manifest b/manifest index f4d9f2d1f9..0e040c21aa 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\svdbe\sstack\soverflow\sproblem\sthat\scould\soccur\swith\sa\scorrelated\ssub-query.\s(CVS\s2938) -D 2006-01-13T13:01:19 +C Make\ssure\sthe\sauthenticator\sdoes\snot\stry\sto\sauthenticate\scolumns\sin\nsubqueries.\s\s\sTicket\s#1607.\s(CVS\s2939) +D 2006-01-13T13:55:45 F Makefile.in ab3ffd8d469cef4477257169b82810030a6bb967 F Makefile.linux-gcc aee18d8a05546dcf1888bd4547e442008a49a092 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028 @@ -33,7 +33,7 @@ F sqlite3.pc.in 985b9bf34192a549d7d370e0f0b6b34a4f61369a F src/alter.c 4139c8f1d0f12b1759e767b1d09dd594e2b5ac1d F src/analyze.c 7d2b7ab9a9c2fd6e55700f69064dfdd3e36d7a8a F src/attach.c d4b9d8bd71d72409720946355be41cafb6c09079 -F src/auth.c cdec356a5cd8b217c346f816c5912221537fe87f +F src/auth.c 9ae84d2d94eb96195e04515715e08e85963e96c2 F src/btree.c fe2bdc08a1fc5847eb7eebfce5251558440dcc28 F src/btree.h 5663c4f43e8521546ccebc8fc95acb013b8f3184 F src/build.c 6db3dcb70ae17dcd303493c021e6dd233217828f 
@@ -107,7 +107,7 @@ F test/attach.test dae07fa1554b618b9cc4c7bc349b3bc1a532180e F test/attach2.test 0e6a7c54343c85dd877a1e86073a05176043ed40 F test/attach3.test 63013383adc4380af69779f34f4af19bd49f7cbe F test/attachmalloc.test cdb26c42850f04698377ccec05f5fa89d987837c -F test/auth.test 973ae7274eae32c4453fbbcbd0ec2b80c5b1eeb3 +F test/auth.test 487fdd95cf1f765815455012e7338d9019bf8852 F test/autoinc.test 60005a676e3e4e17dfa9dbd08aa0b76587ff97e3 F test/autovacuum.test 9471d58a08b14dc0d2c15b87583c46d1744343d6 F test/autovacuum_crash.test 05a63b8805b20cfba7ace82856ce4ccdda075a31 @@ -340,7 +340,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/version3.tcl a99cf5f6d8bd4d5537584a2b342f0fb9fa601d8b F www/whentouse.tcl 97e2b5cd296f7d8057e11f44427dea8a4c2db513 -P 5e46ec01ff3fe8654fc267efbb12d2d1b01c48aa -R dcb9fd33555e157fe0ad7a05ab19e97e -U danielk1977 -Z 81727b2a642e7063a9db6351127fac13 +P caa7da807d6578f7d8848978a7d3175b6ea1743b +R 6f79ad1aee69a2aa6006e2d298cd5d79 +U drh +Z b22000ffe605fffb14ba67c5c1828077 diff --git a/manifest.uuid b/manifest.uuid index 075157754c..156aee407c 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -caa7da807d6578f7d8848978a7d3175b6ea1743b \ No newline at end of file +55b7dfaf4d3a6d01fffdaf1707e88bcd215d7333 \ No newline at end of file diff --git a/src/auth.c b/src/auth.c index b24976e573..964ae66a63 100644 --- a/src/auth.c +++ b/src/auth.c @@ -14,7 +14,7 @@ ** systems that do not need this facility may omit it by recompiling ** the library with -DSQLITE_OMIT_AUTHORIZATION=1 ** -** $Id: auth.c,v 1.23 2006/01/05 11:34:34 danielk1977 Exp $ +** $Id: auth.c,v 1.24 2006/01/13 13:55:45 drh Exp $ */ #include "sqliteInt.h" 
@@ -118,6 +118,11 @@ void sqlite3AuthRead( if( pExpr->op==TK_AS ) return; assert( pExpr->op==TK_COLUMN ); iDb = sqlite3SchemaToIndex(pParse->db, pExpr->pSchema); + if( iDb<0 ){ + /* An attempt to read a column out of a subquery or other + ** temporary table. */ + return; + } for(iSrc=0; pTabList && iSrcnSrc; iSrc++){ if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break; } @@ -142,7 +147,7 @@ void sqlite3AuthRead( }else{ zCol = "ROWID"; } - assert( iDbnDb ); + assert( iDb>=0 && iDbnDb ); zDBase = db->aDb[iDb].zName; rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase, pParse->zAuthContext); diff --git a/test/auth.test b/test/auth.test index 24165ea5cc..b5f8dcf1c5 100644 --- a/test/auth.test +++ b/test/auth.test @@ -12,7 +12,7 @@ # focus of this script is testing the ATTACH and DETACH commands # and related functionality. # -# $Id: auth.test,v 1.29 2005/07/29 15:36:15 drh Exp $ +# $Id: auth.test,v 1.30 2006/01/13 13:55:45 drh Exp $ # set testdir [file dirname $argv0] @@ -2207,6 +2207,17 @@ do_test auth-5.1 { } } {1} +# Ticket #1607 +# +do_test auth-5.2 { + execsql { + SELECT name FROM ( + SELECT * FROM sqlite_master UNION ALL SELECT * FROM sqlite_temp_master) + WHERE type='table' + ORDER BY name + } +} {sqlite_stat1 t1 t2 t3 t4 tx v1chng} + rename proc {} rename proc_real proc
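Review bot: The new `if( iDb<0 ) return;` guard in the first sqlite3AuthRead hunk fails open: any TK_COLUMN expression whose pSchema does not map to a database index now skips the xAuth SQLITE_READ callback entirely, while the comment names only the intended case (a subquery or other temporary table). The comment should state the invariant that makes skipping safe, for example `/* No schema: pExpr names a column of a subquery result. The base-table columns inside the subquery are expected to reach sqlite3AuthRead on their own when the inner SELECT is resolved. */`. That wording is inferred from the commit message and should be confirmed against the name resolver. The strengthened assert in the second hunk is compiled out when NDEBUG is defined, so this early return is the only runtime check keeping a negative iDb away from the `db->aDb[iDb]` index. Both hunks sit inside a function body that starts and ends outside the visible lines.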
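Review bot: auth-5.2 pins only the rows returned, so it would still pass if a later change made reads through a subquery skip the authorizer altogether. A companion case should record the SQLITE_READ callbacks seen while the same query runs and check that the base table inside the subquery is still reported. Whether an `auth` proc is active at this point in the script is not visible in the hunk, so the sketch below defines and installs its own. The test name is illustrative.

```tcl
do_test auth-5.3 {
  set ::authargs {}
  proc auth {code arg1 arg2 arg3 arg4} {
    # Record the table name of every column read reported to the authorizer
    if {$code=="SQLITE_READ"} {lappend ::authargs $arg1}
    return SQLITE_OK
  }
  db authorizer ::auth
  execsql {
    SELECT name FROM (
      SELECT * FROM sqlite_master UNION ALL SELECT * FROM sqlite_temp_master)
    WHERE type='table'
  }
  # The base table inside the subquery must still be authorized
  expr {[lsearch -exact $::authargs sqlite_master]>=0}
} {1}
```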