Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a segfault in the authorizer when it is given a SELECT statement with no FROM clause. Ticket #896. (CVS 1954) |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
97d63b9290ef88b3cd8012c71fdd5b3c |
| User & Date: | drh 2004-09-09 13:55:50.000 |
Context
|
2004-09-09
| ||
| 14:01 | Fix lemon so that inserted code always ends in a newline. Ticket #895. (CVS 1955) (check-in: 13fba17e3f user: drh tags: trunk) | |
| 13:55 | Fix a segfault in the authorizer when it is given a SELECT statement with no FROM clause. Ticket #896. (CVS 1954) (check-in: 97d63b9290 user: drh tags: trunk) | |
| 00:35 | Trying to get some tests in printf.test to pass on 64-bit systems. (CVS 1952) (check-in: b12fc46dcd user: drh tags: trunk) | |
Changes
Changes to src/auth.c.
| ︙ | ︙ | |||
10 11 12 13 14 15 16 | ** ************************************************************************* ** This file contains code used to implement the sqlite3_set_authorizer() ** API. This facility is an optional feature of the library. Embedded ** systems that do not need this facility may omit it by recompiling ** the library with -DSQLITE_OMIT_AUTHORIZATION=1 ** | | | 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | ** ************************************************************************* ** This file contains code used to implement the sqlite3_set_authorizer() ** API. This facility is an optional feature of the library. Embedded ** systems that do not need this facility may omit it by recompiling ** the library with -DSQLITE_OMIT_AUTHORIZATION=1 ** ** $Id: auth.c,v 1.18 2004/09/09 13:55:50 drh Exp $ */ #include "sqliteInt.h" /* ** All of the code in this file may be omitted by defining a single ** macro. */ |
| ︙ | ︙ | |||
106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 |
){
sqlite3 *db = pParse->db;
int rc;
Table *pTab; /* The table being read */
const char *zCol; /* Name of the column of the table */
int iSrc; /* Index in pTabList->a[] of table being read */
const char *zDBase; /* Name of database being accessed */
if( db->xAuth==0 ) return;
assert( pExpr->op==TK_COLUMN );
for(iSrc=0; iSrc<pTabList->nSrc; iSrc++){
if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
}
if( iSrc>=0 && iSrc<pTabList->nSrc ){
pTab = pTabList->a[iSrc].pTab;
| > | < < < > > | 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
){
sqlite3 *db = pParse->db;
int rc;
Table *pTab; /* The table being read */
const char *zCol; /* Name of the column of the table */
int iSrc; /* Index in pTabList->a[] of table being read */
const char *zDBase; /* Name of database being accessed */
TriggerStack *pStack; /* The stack of current triggers */
if( db->xAuth==0 ) return;
assert( pExpr->op==TK_COLUMN );
for(iSrc=0; iSrc<pTabList->nSrc; iSrc++){
if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
}
if( iSrc>=0 && iSrc<pTabList->nSrc ){
pTab = pTabList->a[iSrc].pTab;
}else if( (pStack = pParse->trigStack)!=0 ){
/* This must be an attempt to read the NEW or OLD pseudo-tables
** of a trigger.
*/
assert( pExpr->iTable==pStack->newIdx || pExpr->iTable==pStack->oldIdx );
pTab = pStack->pTab;
}else{
return;
}
if( pTab==0 ) return;
if( pExpr->iColumn>=0 ){
assert( pExpr->iColumn<pTab->nCol );
zCol = pTab->aCol[pExpr->iColumn].zName;
}else if( pTab->iPKey>=0 ){
assert( pTab->iPKey<pTab->nCol );
|
| ︙ | ︙ |
Changes to test/auth.test.
| ︙ | ︙ | |||
8 9 10 11 12 13 14 | # May you share freely, never taking more than you give. # #*********************************************************************** # This file implements regression tests for SQLite library. The # focus of this script is testing the ATTACH and DETACH commands # and related functionality. # | | | 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | # May you share freely, never taking more than you give. # #*********************************************************************** # This file implements regression tests for SQLite library. The # focus of this script is testing the ATTACH and DETACH commands # and related functionality. # # $Id: auth.test,v 1.18 2004/09/09 13:55:51 drh Exp $ # set testdir [file dirname $argv0] source $testdir/tester.tcl # disable this test if the SQLITE_OMIT_AUTHORIZATION macro is # defined during compilation. |
| ︙ | ︙ | |||
39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
} {1 {not authorized}}
do_test auth-1.1.2 {
db errorcode
} {23}
do_test auth-1.1.3 {
db authorizer
} {::auth}
do_test auth-1.2 {
execsql {SELECT name FROM sqlite_master}
} {}
do_test auth-1.3.1 {
proc auth {code arg1 arg2 arg3 arg4} {
if {$code=="SQLITE_CREATE_TABLE"} {
set ::authargs [list $arg1 $arg2 $arg3 $arg4]
| > > > > > > | 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
} {1 {not authorized}}
do_test auth-1.1.2 {
db errorcode
} {23}
do_test auth-1.1.3 {
db authorizer
} {::auth}
do_test auth-1.1.4 {
# Ticket #896.
catchsql {
SELECT x;
}
} {1 {no such column: x}}
do_test auth-1.2 {
execsql {SELECT name FROM sqlite_master}
} {}
do_test auth-1.3.1 {
proc auth {code arg1 arg2 arg3 arg4} {
if {$code=="SQLITE_CREATE_TABLE"} {
set ::authargs [list $arg1 $arg2 $arg3 $arg4]
|
| ︙ | ︙ |