archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.0' into PHP-8.1

Browse source 
* PHP-8.0:
  Fix GH-9032: SQLite3 authorizer crashes on NULL values
This commit is contained in:
Christoph M. Becker 2022-07-27 13:05:30 +02:00
commit ca84d06bbc
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
5 changed files with 64 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
NEWS
View file

@ -25,6 +25,12 @@ PHP NEWS
. Fixed bug GH-9033 (Loading blacklist file can fail due to negative length). . Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
(cmb) (cmb)
- PDO_SQLite:
. Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
- SQLite3:
. Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb)
04 Aug 2022, PHP 8.1.9 04 Aug 2022, PHP 8.1.9
- CLI: - CLI:

3
ext/pdo_sqlite/sqlite_driver.c
View file

@ -738,6 +738,9 @@ static const struct pdo_dbh_methods sqlite_methods = {
static char *make_filename_safe(const char *filename) static char *make_filename_safe(const char *filename)
{ {
if (!filename) {
return NULL;
}
if (*filename && strncasecmp(filename, "file:", 5) == 0) { if (*filename && strncasecmp(filename, "file:", 5) == 0) {
if (PG(open_basedir) && *PG(open_basedir)) { if (PG(open_basedir) && *PG(open_basedir)) {
return NULL; return NULL;

24
ext/pdo_sqlite/tests/gh9032.phpt Normal file
View file

@ -0,0 +1,24 @@
--TEST--
SQLite3 authorizer crashes on NULL values
--EXTENSIONS--
pdo_sqlite
--INI--
open_basedir=.
--FILE--
<?php
$db = new PDO("sqlite::memory:", null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('attach database \':memory:\' AS "db1"');
var_dump($db->exec('create table db1.r (id int)'));
try {
$st = $db->prepare('attach database :a AS "db2"');
$st->execute([':a' => ':memory:']);
var_dump($db->exec('create table db2.r (id int)'));
} catch (PDOException $ex) {
echo $ex->getMessage(), PHP_EOL;
}
?>
--EXPECT--
int(0)
SQLSTATE[HY000]: General error: 23 not authorized

3
ext/sqlite3/sqlite3.c
View file

@ -2034,6 +2034,9 @@ static int php_sqlite3_authorizer(void *autharg, int action, const char *arg1, c
/* Check open_basedir restrictions first */ /* Check open_basedir restrictions first */
if (PG(open_basedir) && *PG(open_basedir)) { if (PG(open_basedir) && *PG(open_basedir)) {
if (action == SQLITE_ATTACH) { if (action == SQLITE_ATTACH) {
if (!arg1) {
return SQLITE_DENY;
}
if (memcmp(arg1, ":memory:", sizeof(":memory:")) && *arg1) { if (memcmp(arg1, ":memory:", sizeof(":memory:")) && *arg1) {
if (strncmp(arg1, "file:", 5) == 0) { if (strncmp(arg1, "file:", 5) == 0) {
/* starts with "file:" */ /* starts with "file:" */

26
ext/sqlite3/tests/gh9032.phpt Normal file
View file

@ -0,0 +1,26 @@
--TEST--
SQLite3 authorizer crashes on NULL values
--EXTENSIONS--
sqlite3
--INI--
open_basedir=.
--FILE--
<?php
$db = new SQLite3(":memory:");
$db->enableExceptions(true);
$db->exec('attach database \':memory:\' AS "db1"');
var_dump($db->exec('create table db1.r (id int)'));
try {
$st = $db->prepare('attach database :a AS "db2"');
$st->bindValue("a", ":memory:");
$st->execute();
var_dump($db->exec('create table db2.r (id int)'));
} catch (Exception $ex) {
echo $ex->getMessage(), PHP_EOL;
}
?>
--EXPECT--
bool(true)
Unable to prepare statement: 23, not authorized