SQLite

Check-in [a9cda38997]

Overview
Comment: Improve the defenses against bad pathnames input into the findCreateFileMode() function of os_unix.c in order to quiet static-analyzer warnings. There are no demonstrated problems in the prior code, but this change makes the code easier to prove correct and more robust against future changes.
SHA3-256: a9cda38997a692e25d2fe994a9a3fb9472c00ba04323c82e706fdb1112d4244e
User & Date: drh 2022-03-09 12:20:40.382
Context
2022-03-09
13:22
Do not use va_arg() as an l-value, because AIX does not allow that, from what we are told. (check-in: 46d1a6de62 user: drh tags: trunk)
12:20
Improve the defenses against bad pathnames input into the findCreateFileMode() function of os_unix.c in order to quiet static-analyzer warnings. There are no demonstrated problems in the prior code, but this change makes the code easier to prove correct and more robust against future changes. (check-in: a9cda38997 user: drh tags: trunk)
2022-03-08
15:49
Fix a minor typo in a comment. (check-in: cf61419f88 user: drh tags: trunk)
Changes
Changes to src/os_unix.c.
Old version (lines 6007-6034):
    **   "<path to db>-journal"
    **   "<path to db>-wal"
    **   "<path to db>-journalNN"
    **   "<path to db>-walNN"
    **
    ** where NN is a decimal number. The NN naming schemes are 
    ** used by the test_multiplex.c module.
    */
    nDb = sqlite3Strlen30(zPath) - 1; 
    while( zPath[nDb]!='-' ){
      /* In normal operation, the journal file name will always contain
      ** a '-' character.  However in 8+3 filename mode, or if a corrupt
      ** rollback journal specifies a super-journal with a goofy name, then
      ** the '-' might be missing. */
      if( nDb==0 || zPath[nDb]=='.' ) return SQLITE_OK;



      nDb--;
    }
    memcpy(zDb, zPath, nDb);
    zDb[nDb] = '\0';

    rc = getFileMode(zDb, pMode, pUid, pGid);




  }else if( flags & SQLITE_OPEN_DELETEONCLOSE ){
    *pMode = 0600;
  }else if( flags & SQLITE_OPEN_URI ){
    /* If this is a main database file and the file was opened using a URI
    ** filename, check for the "modeof" parameter. If present, interpret
    ** its value as a filename and try to copy the mode, uid and gid from
    ** that file.  */







New version (lines 6007-6037):
    **   "<path to db>-journal"
    **   "<path to db>-wal"
    **   "<path to db>-journalNN"
    **   "<path to db>-walNN"
    **
    ** where NN is a decimal number. The NN naming schemes are 
    ** used by the test_multiplex.c module.
    **


    ** In normal operation, the journal file name will always contain
    ** a '-' character.  However in 8+3 filename mode, or if a corrupt
    ** rollback journal specifies a super-journal with a goofy name, then
    ** the '-' might be missing or the '-' might be the first character in
    ** the filename.  In that case, just return SQLITE_OK with *pMode==0.
    */
    nDb = sqlite3Strlen30(zPath) - 1;
    while( nDb>0 && zPath[nDb]!='.' ){
      if( zPath[nDb]=='-' ){

        memcpy(zDb, zPath, nDb);
        zDb[nDb] = '\0';

        rc = getFileMode(zDb, pMode, pUid, pGid);
        break;
      }
      nDb--;
    }
  }else if( flags & SQLITE_OPEN_DELETEONCLOSE ){
    *pMode = 0600;
  }else if( flags & SQLITE_OPEN_URI ){
    /* If this is a main database file and the file was opened using a URI
    ** filename, check for the "modeof" parameter. If present, interpret
    ** its value as a filename and try to copy the mode, uid and gid from
    ** that file.  */
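
Review bot: In the rewritten loop (`while( nDb>0 && zPath[nDb]!='.' )`), the two no-match exits (nDb reaching 0, or a '.' found before any '-') now fall through instead of executing the old `return SQLITE_OK`, so the result the new comment promises (SQLITE_OK with *pMode==0) depends on rc and *pMode having been initialized before this block, which these lines do not show. Since the stated aim is to make the code easier to prove correct, consider making that explicit at this spot, for example with an assert on rc and *pMode after the loop or a short comment naming where they are set. Similarly, `memcpy(zDb, zPath, nDb)` followed by `zDb[nDb] = '\0'` is only in bounds if zDb holds at least nDb+1 bytes; the declaration of zDb is outside the hunk, so an assert next to the memcpy tying nDb to the size of zDb would document that bound for the analyzer as well.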