]> git.ipfire.org Git - thirdparty/sqlite.git/commitdiff
Be sure to invoke the authorizer callback on all terms of the USING clause
authordrh <>
Sun, 5 Jul 2026 16:06:33 +0000 (16:06 +0000)
committerdrh <>
Sun, 5 Jul 2026 16:06:33 +0000 (16:06 +0000)
in a RIGHT JOIN.
[bugs:/info/2026-07-05T08:15:45Z|Bug 2026-07-05T08:15:45Z]

FossilOrigin-Name: bbd69ce27462000873af053bfebdd305c53deac85c426b1e7dbd927b5f17d622

manifest
manifest.uuid
src/resolve.c
test/auth.test

index f60c7d3b124eaacc0127ef47dd250ce0d80783c4..68502c615989fd00525fcad5dc7cbb27cc19f155 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\sthe\sstrdup()\sSQL\sfunction\sextension\sfor\suse\sin\stesting.
-D 2026-07-04T15:09:52.291
+C Be\ssure\sto\sinvoke\sthe\sauthorizer\scallback\son\sall\sterms\sof\sthe\sUSING\sclause\nin\sa\sRIGHT\sJOIN.\n[bugs:/info/2026-07-05T08:15:45Z|Bug\s2026-07-05T08:15:45Z]
+D 2026-07-05T16:06:33.418
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -738,7 +738,7 @@ F src/pragma.c 789ef67117b74b5be0a2db6681f7f0c55e6913791b9da309aefd280de2c8a74d
 F src/prepare.c 4e6c56f92b2cba5b8efe44bae275e11436074504d1a25af56210f8fdd1d311b9
 F src/printf.c b480176bd0aaed9d64e804cfa3ca27fc585f65a73e7c7ca2fe9b9016db2cf6d5
 F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c
-F src/resolve.c d0724113da9f5c0430d2052808ce59519f51ae7c4fbb1f5ef21fe3a832956086
+F src/resolve.c 54395ee97eb710e695202d4112cf2b1c1c7767a57afcea745df71abb1c917768
 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97
 F src/select.c f553420eaf5c72a49cef786621eea79dd8c4411671839fb05250bb49ca74a0a0
 F src/shell.c.in 1bdd1d402ab9e50515010b1f3d1de86f7f98c103fb29f609b068aca513aff995
@@ -883,7 +883,7 @@ F test/attach2.test 6d1e3a457ce260d6fc8e5945c07fba6c76dc2aa90e1c701f067b50ee88f7
 F test/attach3.test c59d92791070c59272e00183b7353eeb94915976
 F test/attach4.test 00e754484859998d124d144de6d114d920f2ed6ca2f961e6a7f4183c714f885e
 F test/attachmalloc.test 67309af95c6b765c13e7d2279d7fccbef78e6eb0565d75d51cefd5dc88784549
-F test/auth.test 2a01bf5bf3a0f10adf8ae3a3fd2c05af8a8c1b7a52fae227adb4ccd931915b5c
+F test/auth.test 194adb09a15b33c56552cb7fdafe1651a0320c903968ba482f4e8d001ed41976
 F test/auth2.test fb34df35ceca8d24e01219e993a3c1d9cb646e83b434627e158343bda1f6e0da
 F test/auth3.test 76d20a7fa136d63bcfcf8bcb65c0b1455ed71078d81f22bcd0550d3eb18594ab
 F test/autoanalyze1.test b9cc3f32a990fa56669b668d237c6d53e983554ae80c0604992e18869a0b2dec
@@ -2211,8 +2211,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 96072f5f872c8e62dedf48a4ba47ca5f3bd55e98b122f62199a1d0be06de95b4
-R 414dc3f80a7cc685e5663396651ccaf5
+P 521a7cf8443d914ae0486aa8a91924ed35a1d5b88082acbe513cef216408c97e
+R c47e3ec58dfc5b3c5721b3f7bceaef2d
 U drh
-Z 93dc4f3e94c84ded35b9bcfd94d32163
+Z 83984ac253e20b3c315465f7f95b3ff9
 # Remove this line to create a well-formed Fossil manifest.
index 15011a3968961961e210f46b65fc4c7eec148e26..04677670ab8492071fe6d7b0f89d45517280e54d 100644 (file)
@@ -1 +1 @@
-521a7cf8443d914ae0486aa8a91924ed35a1d5b88082acbe513cef216408c97e
+bbd69ce27462000873af053bfebdd305c53deac85c426b1e7dbd927b5f17d622
index ebc6075ce93b067883146974b572ed77283ff5ec..223bfceb72ab8ade71aa4d5236a621591dbb7582 100644 (file)
@@ -839,13 +839,16 @@ lookupname_end:
 #ifndef SQLITE_OMIT_AUTHORIZATION
     if( db->xAuth ){
       if( pFJMatch ){
+        int ii;
         assert( pExpr->op==TK_FUNCTION );
         assert( sqlite3_stricmp(pExpr->u.zToken,"coalesce")==0 );
         assert( pExpr->x.pList==pFJMatch );
         assert( pFJMatch->nExpr>0 );
-        pExpr = pFJMatch->a[0].pExpr;
-      }
-      if( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER ){
+        for(ii=0; ii<pFJMatch->nExpr; ii++){
+          assert( pFJMatch->a[0].pExpr->op==TK_COLUMN );
+          sqlite3AuthRead(pParse, pFJMatch->a[0].pExpr, pSchema, pNC->pSrcList);
+        }
+      }else if( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER ){
         sqlite3AuthRead(pParse, pExpr, pSchema, pNC->pSrcList);
       }
     } 
index f378b900af978f8306dfa20de477bab01b9a764f..cce9a8b4eabb2eedfc71e79245aee0541237e514 100644 (file)
@@ -2672,6 +2672,31 @@ do_test auth-8.4 {
   SQLITE_READ t7 {} {} {}            \
 ]
 
+# Bug 2026-07-05T08:15:45Z
+#
+proc auth {op args} {
+  foreach {a b c d} $args break
+  lappend ::authargs $op $a $b $c $d
+  return "SQLITE_OK"
+}
+do_execsql_test auth-9.1 {
+  DROP TABLE IF EXISTS t1;
+  DROP TABLE IF EXISTS t2;
+  CREATE TABLE t1(x,y1); INSERT INTO t1 VALUES(1,'a');
+  CREATE TABLE t2(x,y2); INSERT INTO t2 VALUES(99,'z');
+}
+set ::authargs [list]
+do_execsql_test auth-9.2 {
+  SELECT x,y2 FROM t1 FULL JOIN t2 USING(x);
+} {1 {} 99 z}
+do_test auth-9.3 {
+  set ::authargs
+} [list \
+  SQLITE_SELECT {} {} {} {} \
+  SQLITE_READ t1 x main {} \
+  SQLITE_READ t1 x main {} \
+  SQLITE_READ t2 y2 main {} \
+]
 
 rename proc {}
 rename proc_real proc