archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 14:08:47 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.1'

Browse source 
* PHP-8.1:
  Fix GH-9032: SQLite3 authorizer crashes on NULL values
This commit is contained in:
Christoph M. Becker 2022-07-27 13:11:58 +02:00
commit a398a2fd3d
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
4 changed files with 57 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ext/pdo_sqlite/sqlite_driver.c
View file

@ -738,6 +738,9 @@ static const struct pdo_dbh_methods sqlite_methods = {
static char *make_filename_safe(const char *filename) static char *make_filename_safe(const char *filename)
{ {
if (!filename) {
return NULL;
}
if (*filename && strncasecmp(filename, "file:", 5) == 0) { if (*filename && strncasecmp(filename, "file:", 5) == 0) {
if (PG(open_basedir) && *PG(open_basedir)) { if (PG(open_basedir) && *PG(open_basedir)) {
return NULL; return NULL;
@ -766,7 +769,7 @@ static int authorizer(void *autharg, int access_type, const char *arg3, const ch
char *filename; char *filename;
switch (access_type) { switch (access_type) {
case SQLITE_ATTACH: { case SQLITE_ATTACH: {
filename = make_filename_safe(arg3); filename = make_filename_safe(arg3);
if (!filename) { if (!filename) {
return SQLITE_DENY; return SQLITE_DENY;
} }

24
ext/pdo_sqlite/tests/gh9032.phpt Normal file
View file

@ -0,0 +1,24 @@
--TEST--
SQLite3 authorizer crashes on NULL values
--EXTENSIONS--
pdo_sqlite
--INI--
open_basedir=.
--FILE--
<?php
$db = new PDO("sqlite::memory:", null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('attach database \':memory:\' AS "db1"');
var_dump($db->exec('create table db1.r (id int)'));
try {
$st = $db->prepare('attach database :a AS "db2"');
$st->execute([':a' => ':memory:']);
var_dump($db->exec('create table db2.r (id int)'));
} catch (PDOException $ex) {
echo $ex->getMessage(), PHP_EOL;
}
?>
--EXPECT--
int(0)
SQLSTATE[HY000]: General error: 23 not authorized

3
ext/sqlite3/sqlite3.c
View file

@ -2067,6 +2067,9 @@ static int php_sqlite3_authorizer(void *autharg, int action, const char *arg1, c
/* Check open_basedir restrictions first */ /* Check open_basedir restrictions first */
if (PG(open_basedir) && *PG(open_basedir)) { if (PG(open_basedir) && *PG(open_basedir)) {
if (action == SQLITE_ATTACH) { if (action == SQLITE_ATTACH) {
if (!arg1) {
return SQLITE_DENY;
}
if (memcmp(arg1, ":memory:", sizeof(":memory:")) && *arg1) { if (memcmp(arg1, ":memory:", sizeof(":memory:")) && *arg1) {
if (strncmp(arg1, "file:", 5) == 0) { if (strncmp(arg1, "file:", 5) == 0) {
/* starts with "file:" */ /* starts with "file:" */

26
ext/sqlite3/tests/gh9032.phpt Normal file
View file

@ -0,0 +1,26 @@
--TEST--
SQLite3 authorizer crashes on NULL values
--EXTENSIONS--
sqlite3
--INI--
open_basedir=.
--FILE--
<?php
$db = new SQLite3(":memory:");
$db->enableExceptions(true);
$db->exec('attach database \':memory:\' AS "db1"');
var_dump($db->exec('create table db1.r (id int)'));
try {
$st = $db->prepare('attach database :a AS "db2"');
$st->bindValue("a", ":memory:");
$st->execute();
var_dump($db->exec('create table db2.r (id int)'));
} catch (Exception $ex) {
echo $ex->getMessage(), PHP_EOL;
}
?>
--EXPECT--
bool(true)
Unable to prepare statement: 23, not authorized