Limit the virtual-machine size for SQL statements run for report generators.
Commit
307147510ca5b898ca4812435fefe206180134ede57eec81c0852b49f369a275
Parent
9612d43f930926c…
2 files changed
+4
-3
+2
-2
+4
-3
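--- a/src/report.c
+++ b/src/report.c
@@ -162,11 +162,11 @@
 ** This is the SQLite authorizer callback used to make sure that the
 ** SQL statements entered by users do not try to do anything untoward.
 ** If anything suspicious is tried, set *(char**)pError to an error
 ** message obtained from malloc.
 */
-int report_query_authorizer(
+static int report_query_authorizer(
 void *pError,
 int code,
 const char *zArg1,
 const char *zArg2,
 const char *zArg3,
@@ -221,14 +221,15 @@
 }
 
 /*
 ** Activate the query authorizer
 */
-static void report_restrict_sql(char **pzErr){
+void report_restrict_sql(char **pzErr){
 sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)pzErr);
+sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000);
 }
-static void report_unrestrict_sql(void){
+void report_unrestrict_sql(void){
 sqlite3_set_authorizer(g.db, 0, 0);
 }
 
 
 /*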
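Review bot: report_unrestrict_sql at new line 230 removes the authorizer but leaves the SQLITE_LIMIT_VDBE_OP cap installed by report_restrict_sql at new line 228, and the previous limit that sqlite3_limit returns is discarded, so the 10000-opcode cap stays in force for every statement Fossil itself prepares on g.db afterwards rather than only for the user-supplied report SQL. Save the prior value and restore it on the way out so the two functions stay symmetric, as sketched below. Note also that SQLITE_LIMIT_VDBE_OP bounds the size of the compiled program at prepare time, not its running time; a query that fits in 10000 opcodes can still run for a long time, so if a wall-clock budget is intended that needs a separate mechanism such as sqlite3_progress_handler (I cannot see from here whether Fossil already installs one). The bare 10000 would also read better as a named constant with a comment stating it is a defense-in-depth bound on statement complexity for untrusted report SQL.
```c
/* Previous SQLITE_LIMIT_VDBE_OP value, restored by report_unrestrict_sql() */
static int savedVdbeOpLimit = -1;

void report_restrict_sql(char **pzErr){
  sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)pzErr);
  savedVdbeOpLimit = sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000);
}
void report_unrestrict_sql(void){
  sqlite3_set_authorizer(g.db, 0, 0);
  if( savedVdbeOpLimit>=0 ){
    sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, savedVdbeOpLimit);
    savedVdbeOpLimit = -1;
  }
}
```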
+2
-2
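--- a/src/th_main.c
+++ b/src/th_main.c
@@ -1588,15 +1588,15 @@
 }
 zSql = argv[1];
 nSql = argl[1];
 while( res==TH_OK && nSql>0 ){
 zErr = 0;
-sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)&zErr);
+report_restrict_sql(&zErr);
 g.dbIgnoreErrors++;
 rc = sqlite3_prepare_v2(g.db, argv[1], argl[1], &pStmt, &zTail);
 g.dbIgnoreErrors--;
-sqlite3_set_authorizer(g.db, 0, 0);
+report_unrestrict_sql();
 if( rc!=0 || zErr!=0 ){
 if( noComplain ) return TH_OK;
 Th_ErrorMessage(interp, "SQL error: ",
 zErr ? zErr : sqlite3_errmsg(g.db), -1);
 return TH_ERROR;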
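Review bot: On the error path at new lines 1598-1602 the message the authorizer stores in zErr is never released: the noComplain branch returns TH_OK without even reading it, and the other branch hands it to Th_ErrorMessage with length -1 and then returns TH_ERROR. The authorizer's header comment in report.c says that message is obtained from malloc, so unless Th_ErrorMessage takes ownership (not visible here) every rejected statement leaks it; releasing it with whichever allocator the authorizer actually used, e.g. `free(zErr);` placed before the noComplain return and again after the Th_ErrorMessage call, closes that. The bracketing itself is sound: both the authorizer and the SQLITE_LIMIT_VDBE_OP cap act inside sqlite3_prepare_v2, which is the only call between report_restrict_sql and report_unrestrict_sql. The enclosing function starts before and ends after this hunk.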