From: drh <> Date: Sun, 5 Jul 2026 16:06:33 +0000 (+0000) Subject: Be sure to invoke the authorizer callback on all terms of the USING clause X-Git-Url: http://git.ipfire.org/index.cgi?a=commitdiff_plain;h=7ff247c5b9ead3ad8a69c26d3fd264878e127237;p=thirdparty%2Fsqlite.git Be sure to invoke the authorizer callback on all terms of the USING clause in a RIGHT JOIN. [bugs:/info/2026-07-05T08:15:45Z|Bug 2026-07-05T08:15:45Z] FossilOrigin-Name: bbd69ce27462000873af053bfebdd305c53deac85c426b1e7dbd927b5f17d622 --- diff --git a/manifest b/manifest index f60c7d3b12..68502c6159 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Add\sthe\sstrdup()\sSQL\sfunction\sextension\sfor\suse\sin\stesting. -D 2026-07-04T15:09:52.291 +C Be\ssure\sto\sinvoke\sthe\sauthorizer\scallback\son\sall\sterms\sof\sthe\sUSING\sclause\nin\sa\sRIGHT\sJOIN.\n[bugs:/info/2026-07-05T08:15:45Z|Bug\s2026-07-05T08:15:45Z] +D 2026-07-05T16:06:33.418 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -738,7 +738,7 @@ F src/pragma.c 789ef67117b74b5be0a2db6681f7f0c55e6913791b9da309aefd280de2c8a74d F src/prepare.c 4e6c56f92b2cba5b8efe44bae275e11436074504d1a25af56210f8fdd1d311b9 F src/printf.c b480176bd0aaed9d64e804cfa3ca27fc585f65a73e7c7ca2fe9b9016db2cf6d5 F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c -F src/resolve.c d0724113da9f5c0430d2052808ce59519f51ae7c4fbb1f5ef21fe3a832956086 +F src/resolve.c 54395ee97eb710e695202d4112cf2b1c1c7767a57afcea745df71abb1c917768 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97 F src/select.c f553420eaf5c72a49cef786621eea79dd8c4411671839fb05250bb49ca74a0a0 F src/shell.c.in 1bdd1d402ab9e50515010b1f3d1de86f7f98c103fb29f609b068aca513aff995 @@ -883,7 +883,7 @@ F test/attach2.test 6d1e3a457ce260d6fc8e5945c07fba6c76dc2aa90e1c701f067b50ee88f7 F test/attach3.test c59d92791070c59272e00183b7353eeb94915976 F test/attach4.test 00e754484859998d124d144de6d114d920f2ed6ca2f961e6a7f4183c714f885e F test/attachmalloc.test 67309af95c6b765c13e7d2279d7fccbef78e6eb0565d75d51cefd5dc88784549 -F test/auth.test 2a01bf5bf3a0f10adf8ae3a3fd2c05af8a8c1b7a52fae227adb4ccd931915b5c +F test/auth.test 194adb09a15b33c56552cb7fdafe1651a0320c903968ba482f4e8d001ed41976 F test/auth2.test fb34df35ceca8d24e01219e993a3c1d9cb646e83b434627e158343bda1f6e0da F test/auth3.test 76d20a7fa136d63bcfcf8bcb65c0b1455ed71078d81f22bcd0550d3eb18594ab F test/autoanalyze1.test b9cc3f32a990fa56669b668d237c6d53e983554ae80c0604992e18869a0b2dec @@ -2211,8 +2211,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c -P 96072f5f872c8e62dedf48a4ba47ca5f3bd55e98b122f62199a1d0be06de95b4 -R 414dc3f80a7cc685e5663396651ccaf5 +P 521a7cf8443d914ae0486aa8a91924ed35a1d5b88082acbe513cef216408c97e +R c47e3ec58dfc5b3c5721b3f7bceaef2d U drh -Z 93dc4f3e94c84ded35b9bcfd94d32163 +Z 83984ac253e20b3c315465f7f95b3ff9 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 15011a3968..04677670ab 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -521a7cf8443d914ae0486aa8a91924ed35a1d5b88082acbe513cef216408c97e +bbd69ce27462000873af053bfebdd305c53deac85c426b1e7dbd927b5f17d622 diff --git a/src/resolve.c b/src/resolve.c index ebc6075ce9..223bfceb72 100644 --- a/src/resolve.c +++ b/src/resolve.c @@ -839,13 +839,16 @@ lookupname_end: #ifndef SQLITE_OMIT_AUTHORIZATION if( db->xAuth ){ if( pFJMatch ){ + int ii; assert( pExpr->op==TK_FUNCTION ); assert( sqlite3_stricmp(pExpr->u.zToken,"coalesce")==0 ); assert( pExpr->x.pList==pFJMatch ); assert( pFJMatch->nExpr>0 ); - pExpr = pFJMatch->a[0].pExpr; - } - if( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER ){ + for(ii=0; iinExpr; ii++){ + assert( pFJMatch->a[0].pExpr->op==TK_COLUMN ); + sqlite3AuthRead(pParse, pFJMatch->a[0].pExpr, pSchema, pNC->pSrcList); + } + }else if( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER ){ sqlite3AuthRead(pParse, pExpr, pSchema, pNC->pSrcList); } } diff --git a/test/auth.test b/test/auth.test index f378b900af..cce9a8b4ea 100644 --- a/test/auth.test +++ b/test/auth.test @@ -2672,6 +2672,31 @@ do_test auth-8.4 { SQLITE_READ t7 {} {} {} \ ] +# Bug 2026-07-05T08:15:45Z +# +proc auth {op args} { + foreach {a b c d} $args break + lappend ::authargs $op $a $b $c $d + return "SQLITE_OK" +} +do_execsql_test auth-9.1 { + DROP TABLE IF EXISTS t1; + DROP TABLE IF EXISTS t2; + CREATE TABLE t1(x,y1); INSERT INTO t1 VALUES(1,'a'); + CREATE TABLE t2(x,y2); INSERT INTO t2 VALUES(99,'z'); +} +set ::authargs [list] +do_execsql_test auth-9.2 { + SELECT x,y2 FROM t1 FULL JOIN t2 USING(x); +} {1 {} 99 z} +do_test auth-9.3 { + set ::authargs +} [list \ + SQLITE_SELECT {} {} {} {} \ + SQLITE_READ t1 x main {} \ + SQLITE_READ t1 x main {} \ + SQLITE_READ t2 y2 main {} \ +] rename proc {} rename proc_real proc