SQLite

Check-in [9f351bde]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Tighter constraints on the maximum length of the filename handed over to sqlite3_load_extension(), due to forum post a43074729e. This is a follow-on to [01f3877c7172d522] and forum post 08a0d6d9bf.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 9f351bdee2a09a4419bb8256a13d1f757b3e00ec26a445523f224fc56d9ae26d
User & Date: drh 2023-03-25 03:17:08
Context
2023-03-25
12:27
Even tighter bounds on the maximum length of the filename for sqlite3_load_extension(). (check-in: 78729141 user: drh tags: trunk)
03:17
Tighter constraints on the maximum length of the filename handed over to sqlite3_load_extension(), due to forum post a43074729e. This is a follow-on to [01f3877c7172d522] and forum post 08a0d6d9bf. (check-in: 9f351bde user: drh tags: trunk)
02:07
New test case to further validate the fix at [221fdcec964f8317]. Forum post d34ad68c36. (check-in: a6e218a6 user: drh tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/loadext.c. 

581
582
583
584
585
586
587
588




589
590
591
592
593
594
595
596

  }

  zEntry = zProc ? zProc : "sqlite3_extension_init";

  /* tag-20210611-1.  Some dlopen() implementations will segfault if given
  ** an oversize filename.  Most filesystems have a pathname limit of 4K,
  ** so limit the extension filename length to about twice that.
  ** https://sqlite.org/forum/forumpost/08a0d6d9bf */




  if( nMsg>SQLITE_MAX_PATHLEN ) goto extension_not_found;
    
  handle = sqlite3OsDlOpen(pVfs, zFile);
#if SQLITE_OS_UNIX || SQLITE_OS_WIN
  for(ii=0; ii<ArraySize(azEndings) && handle==0; ii++){
    char *zAltFile = sqlite3_mprintf("%s.%s", zFile, azEndings[ii]);
    if( zAltFile==0 ) return SQLITE_NOMEM_BKPT;
    handle = sqlite3OsDlOpen(pVfs, zAltFile);








|
>
>
>
>
|








581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600

  }

  zEntry = zProc ? zProc : "sqlite3_extension_init";

  /* tag-20210611-1.  Some dlopen() implementations will segfault if given
  ** an oversize filename.  Most filesystems have a pathname limit of 4K,
  ** so limit the extension filename length to about twice that.
  ** https://sqlite.org/forum/forumpost/08a0d6d9bf
  **
  ** Later (2023-03-25): Save an extra 6 bytes for the filename suffix.
  ** See https://sqlite.org/forum/forumpost/24083b579d.
  */
  if( nMsg>SQLITE_MAX_PATHLEN-6 ) goto extension_not_found;
    
  handle = sqlite3OsDlOpen(pVfs, zFile);
#if SQLITE_OS_UNIX || SQLITE_OS_WIN
  for(ii=0; ii<ArraySize(azEndings) && handle==0; ii++){
    char *zAltFile = sqlite3_mprintf("%s.%s", zFile, azEndings[ii]);
    if( zAltFile==0 ) return SQLITE_NOMEM_BKPT;
    handle = sqlite3OsDlOpen(pVfs, zAltFile);