archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GH-9032: SQLite3 authorizer crashes on NULL values

Browse source 
The arguments 3 to 6 of the authorizer callback may be `NULL`[1], and
we have to properly deal with that.  Instead of causing a segfault, we
deny authorization, which is still better than a crash, and apparently,
we cannot do better anyway.

[1] <https://www.sqlite.org/c3ref/set_authorizer.html>

Closes GH-9040.
This commit is contained in:
Christoph M. Becker 2022-07-18 17:33:34 +02:00
parent a442e29485
commit 8ed21a89f3
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
5 changed files with 68 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
ext/pdo_sqlite/sqlite_driver.c
View file

@ -715,6 +715,9 @@ static const struct pdo_dbh_methods sqlite_methods = {
static char *make_filename_safe(const char *filename)
{
if (!filename) {
return NULL;
}
if (*filename && memcmp(filename, ":memory:", sizeof(":memory:"))) {
char *fullpath = expand_filepath(filename, NULL);
@ -737,7 +740,7 @@ static int authorizer(void *autharg, int access_type, const char *arg3, const ch
char *filename;
switch (access_type) {
case SQLITE_COPY: {
filename = make_filename_safe(arg4);
filename = make_filename_safe(arg4);
if (!filename) {
return SQLITE_DENY;
}
@ -746,7 +749,7 @@ static int authorizer(void *autharg, int access_type, const char *arg3, const ch
}
case SQLITE_ATTACH: {
filename = make_filename_safe(arg3);
filename = make_filename_safe(arg3);
if (!filename) {
return SQLITE_DENY;
}