Fossil SCM
If compiled with -DFOSSIL_PENTEST and if "<BUG>" appears anywhere in HTML output, or if "BUG" appears anywhere in SQL, then a panic is generated.
Commit
9ceb5ff8696589e2dd2747753ee4dc8e0a3a976c869196b46fdef3f48ed0fa69
Parent
a584f75ff84ee91…
6 files changed
+1
+15
+24
-1
+1
+2
+1
+1
| --- src/cache.c | ||
| +++ src/cache.c | ||
| @@ -95,10 +95,11 @@ | ||
| 95 | 95 | sqlite3_stmt *pStmt = 0; |
| 96 | 96 | int rc; |
| 97 | 97 | |
| 98 | 98 | rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); |
| 99 | 99 | if( rc ){ |
| 100 | + db_pentest(zSql); | |
| 100 | 101 | sqlite3_finalize(pStmt); |
| 101 | 102 | pStmt = 0; |
| 102 | 103 | } |
| 103 | 104 | return pStmt; |
| 104 | 105 | } |
| 105 | 106 |
| --- src/cache.c | |
| +++ src/cache.c | |
| @@ -95,10 +95,11 @@ | |
| 95 | sqlite3_stmt *pStmt = 0; |
| 96 | int rc; |
| 97 | |
| 98 | rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); |
| 99 | if( rc ){ |
| 100 | sqlite3_finalize(pStmt); |
| 101 | pStmt = 0; |
| 102 | } |
| 103 | return pStmt; |
| 104 | } |
| 105 |
| --- src/cache.c | |
| +++ src/cache.c | |
| @@ -95,10 +95,11 @@ | |
| 95 | sqlite3_stmt *pStmt = 0; |
| 96 | int rc; |
| 97 | |
| 98 | rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); |
| 99 | if( rc ){ |
| 100 | db_pentest(zSql); |
| 101 | sqlite3_finalize(pStmt); |
| 102 | pStmt = 0; |
| 103 | } |
| 104 | return pStmt; |
| 105 | } |
| 106 |
+15
| --- src/cgi.c | ||
| +++ src/cgi.c | ||
| @@ -476,10 +476,13 @@ | ||
| 476 | 476 | ** followed by the concatenation of the content header and content body. |
| 477 | 477 | */ |
| 478 | 478 | void cgi_reply(void){ |
| 479 | 479 | Blob hdr = BLOB_INITIALIZER; |
| 480 | 480 | int total_size; |
| 481 | +#ifdef FOSSIL_PENTEST | |
| 482 | + int bHtml; /* True if the output is HTML */ | |
| 483 | +#endif | |
| 481 | 484 | if( iReplyStatus<=0 ){ |
| 482 | 485 | iReplyStatus = 200; |
| 483 | 486 | zReplyStatus = "OK"; |
| 484 | 487 | } |
| 485 | 488 | |
| @@ -571,18 +574,30 @@ | ||
| 571 | 574 | blob_appendf(&hdr, "Content-Length: %d\r\n", total_size); |
| 572 | 575 | }else{ |
| 573 | 576 | total_size = 0; |
| 574 | 577 | } |
| 575 | 578 | blob_appendf(&hdr, "\r\n"); |
| 579 | +#ifdef FOSSIL_PENTEST | |
| 580 | + bHtml = strstr(blob_str(&hdr), "text/html")!=0; | |
| 581 | + if( strstr(blob_str(&hdr), "<BUG>")!=0 ){ | |
| 582 | + fossil_panic("Cross-site scripting vulnerability!"); | |
| 583 | + abort(); | |
| 584 | + } | |
| 585 | +#endif | |
| 576 | 586 | cgi_fwrite(blob_buffer(&hdr), blob_size(&hdr)); |
| 577 | 587 | blob_reset(&hdr); |
| 578 | 588 | if( total_size>0 |
| 579 | 589 | && iReplyStatus!=304 |
| 580 | 590 | && fossil_strcmp(P("REQUEST_METHOD"),"HEAD")!=0 |
| 581 | 591 | ){ |
| 582 | 592 | int i, size; |
| 583 | 593 | for(i=0; i<2; i++){ |
| 594 | +#ifdef FOSSIL_PENTEST | |
| 595 | + if( bHtml && strstr(blob_str(&cgiContent[i]), "<BUG>")!=0 ){ | |
| 596 | + fossil_panic("Cross-site scripting vulnerability!\n"); | |
| 597 | + } | |
| 598 | +#endif | |
| 584 | 599 | size = blob_size(&cgiContent[i]); |
| 585 | 600 | if( size<=rangeStart ){ |
| 586 | 601 | rangeStart -= size; |
| 587 | 602 | }else{ |
| 588 | 603 | int n = size - rangeStart; |
| 589 | 604 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -476,10 +476,13 @@ | |
| 476 | ** followed by the concatenation of the content header and content body. |
| 477 | */ |
| 478 | void cgi_reply(void){ |
| 479 | Blob hdr = BLOB_INITIALIZER; |
| 480 | int total_size; |
| 481 | if( iReplyStatus<=0 ){ |
| 482 | iReplyStatus = 200; |
| 483 | zReplyStatus = "OK"; |
| 484 | } |
| 485 | |
| @@ -571,18 +574,30 @@ | |
| 571 | blob_appendf(&hdr, "Content-Length: %d\r\n", total_size); |
| 572 | }else{ |
| 573 | total_size = 0; |
| 574 | } |
| 575 | blob_appendf(&hdr, "\r\n"); |
| 576 | cgi_fwrite(blob_buffer(&hdr), blob_size(&hdr)); |
| 577 | blob_reset(&hdr); |
| 578 | if( total_size>0 |
| 579 | && iReplyStatus!=304 |
| 580 | && fossil_strcmp(P("REQUEST_METHOD"),"HEAD")!=0 |
| 581 | ){ |
| 582 | int i, size; |
| 583 | for(i=0; i<2; i++){ |
| 584 | size = blob_size(&cgiContent[i]); |
| 585 | if( size<=rangeStart ){ |
| 586 | rangeStart -= size; |
| 587 | }else{ |
| 588 | int n = size - rangeStart; |
| 589 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -476,10 +476,13 @@ | |
| 476 | ** followed by the concatenation of the content header and content body. |
| 477 | */ |
| 478 | void cgi_reply(void){ |
| 479 | Blob hdr = BLOB_INITIALIZER; |
| 480 | int total_size; |
| 481 | #ifdef FOSSIL_PENTEST |
| 482 | int bHtml; /* True if the output is HTML */ |
| 483 | #endif |
| 484 | if( iReplyStatus<=0 ){ |
| 485 | iReplyStatus = 200; |
| 486 | zReplyStatus = "OK"; |
| 487 | } |
| 488 | |
| @@ -571,18 +574,30 @@ | |
| 574 | blob_appendf(&hdr, "Content-Length: %d\r\n", total_size); |
| 575 | }else{ |
| 576 | total_size = 0; |
| 577 | } |
| 578 | blob_appendf(&hdr, "\r\n"); |
| 579 | #ifdef FOSSIL_PENTEST |
| 580 | bHtml = strstr(blob_str(&hdr), "text/html")!=0; |
| 581 | if( strstr(blob_str(&hdr), "<BUG>")!=0 ){ |
| 582 | fossil_panic("Cross-site scripting vulnerability!"); |
| 583 | abort(); |
| 584 | } |
| 585 | #endif |
| 586 | cgi_fwrite(blob_buffer(&hdr), blob_size(&hdr)); |
| 587 | blob_reset(&hdr); |
| 588 | if( total_size>0 |
| 589 | && iReplyStatus!=304 |
| 590 | && fossil_strcmp(P("REQUEST_METHOD"),"HEAD")!=0 |
| 591 | ){ |
| 592 | int i, size; |
| 593 | for(i=0; i<2; i++){ |
| 594 | #ifdef FOSSIL_PENTEST |
| 595 | if( bHtml && strstr(blob_str(&cgiContent[i]), "<BUG>")!=0 ){ |
| 596 | fossil_panic("Cross-site scripting vulnerability!\n"); |
| 597 | } |
| 598 | #endif |
| 599 | size = blob_size(&cgiContent[i]); |
| 600 | if( size<=rangeStart ){ |
| 601 | rangeStart -= size; |
| 602 | }else{ |
| 603 | int n = size - rangeStart; |
| 604 |
M
src/db.c
+24
-1
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -671,10 +671,27 @@ | ||
| 671 | 671 | ** to zero to stop appending DML statement text. |
| 672 | 672 | */ |
| 673 | 673 | void db_append_dml_to_blob(Blob *pBlob){ |
| 674 | 674 | db.pDmlLog = pBlob; |
| 675 | 675 | } |
| 676 | + | |
| 677 | +/* | |
| 678 | +** This routine is a no-op on most builds. But if Fossil is built using | |
| 679 | +** the FOSSIL_PENTEST compile-time option, and if the argument to this routine | |
| 680 | +** contains the text "BUG", then that indicates a potential SQL injection | |
| 681 | +** vulnerability. A panic is generated to bring this to the tester's | |
| 682 | +** attention. | |
| 683 | +*/ | |
| 684 | +void db_pentest(const char *zSql){ | |
| 685 | +#ifndef FOSSIL_PENTEST | |
| 686 | + (void)zSql; | |
| 687 | +#else | |
| 688 | + if( strstr(zSql,"BUG")!=0 ){ | |
| 689 | + fossil_panic("SQL Injection vulnerability!"); | |
| 690 | + } | |
| 691 | +#endif | |
| 692 | +} | |
| 676 | 693 | |
| 677 | 694 | /* |
| 678 | 695 | ** Pause or unpause the DML log |
| 679 | 696 | */ |
| 680 | 697 | void db_pause_dml_log(void){ db.pauseDmlLog++; } |
| @@ -698,10 +715,11 @@ | ||
| 698 | 715 | db_append_dml(zSql); |
| 699 | 716 | if( flags & DB_PREPARE_PERSISTENT ){ |
| 700 | 717 | prepFlags = SQLITE_PREPARE_PERSISTENT; |
| 701 | 718 | } |
| 702 | 719 | rc = sqlite3_prepare_v3(g.db, zSql, -1, prepFlags, &pStmt->pStmt, &zExtra); |
| 720 | + if( rc!=0 ) db_pentest(zSql); | |
| 703 | 721 | if( rc!=0 && (flags & DB_PREPARE_IGNORE_ERROR)==0 ){ |
| 704 | 722 | db_err("%s\n%s", sqlite3_errmsg(g.db), zSql); |
| 705 | 723 | }else if( zExtra && !fossil_all_whitespace(zExtra) ){ |
| 706 | 724 | db_err("surplus text follows SQL: \"%s\"", zExtra); |
| 707 | 725 | } |
| @@ -760,10 +778,11 @@ | ||
| 760 | 778 | blob_init(pSql, 0, 0); |
| 761 | 779 | zSql = blob_sql_text(&pStmt->sql); |
| 762 | 780 | db.nPrepare++; |
| 763 | 781 | rc = sqlite3_prepare_v3(g.db, zSql, -1, 0, &pStmt->pStmt, 0); |
| 764 | 782 | if( rc!=0 ){ |
| 783 | + db_pentest(zSql); | |
| 765 | 784 | db_err("%s\n%s", sqlite3_errmsg(g.db), zSql); |
| 766 | 785 | } |
| 767 | 786 | pStmt->pNext = pStmt->pPrev = 0; |
| 768 | 787 | pStmt->nStep = 0; |
| 769 | 788 | pStmt->rc = rc; |
| @@ -1046,11 +1065,14 @@ | ||
| 1046 | 1065 | va_end(ap); |
| 1047 | 1066 | z = blob_str(&sql); |
| 1048 | 1067 | while( rc==SQLITE_OK && z[0] ){ |
| 1049 | 1068 | pStmt = 0; |
| 1050 | 1069 | rc = sqlite3_prepare_v2(g.db, z, -1, &pStmt, &zEnd); |
| 1051 | - if( rc!=SQLITE_OK ) break; | |
| 1070 | + if( rc!=SQLITE_OK ){ | |
| 1071 | + db_pentest(z); | |
| 1072 | + break; | |
| 1073 | + } | |
| 1052 | 1074 | if( pStmt ){ |
| 1053 | 1075 | int nRow = 0; |
| 1054 | 1076 | db.nPrepare++; |
| 1055 | 1077 | while( sqlite3_step(pStmt)==SQLITE_ROW ){ |
| 1056 | 1078 | int i, n; |
| @@ -1080,10 +1102,11 @@ | ||
| 1080 | 1102 | const char *zEnd; |
| 1081 | 1103 | while( rc==SQLITE_OK && z[0] ){ |
| 1082 | 1104 | pStmt = 0; |
| 1083 | 1105 | rc = sqlite3_prepare_v2(g.db, z, -1, &pStmt, &zEnd); |
| 1084 | 1106 | if( rc ){ |
| 1107 | + db_pentest(z); | |
| 1085 | 1108 | db_err("%s: {%s}", sqlite3_errmsg(g.db), z); |
| 1086 | 1109 | }else if( pStmt ){ |
| 1087 | 1110 | db.nPrepare++; |
| 1088 | 1111 | db_append_dml(sqlite3_sql(pStmt)); |
| 1089 | 1112 | while( sqlite3_step(pStmt)==SQLITE_ROW ){} |
| 1090 | 1113 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -671,10 +671,27 @@ | |
| 671 | ** to zero to stop appending DML statement text. |
| 672 | */ |
| 673 | void db_append_dml_to_blob(Blob *pBlob){ |
| 674 | db.pDmlLog = pBlob; |
| 675 | } |
| 676 | |
| 677 | /* |
| 678 | ** Pause or unpause the DML log |
| 679 | */ |
| 680 | void db_pause_dml_log(void){ db.pauseDmlLog++; } |
| @@ -698,10 +715,11 @@ | |
| 698 | db_append_dml(zSql); |
| 699 | if( flags & DB_PREPARE_PERSISTENT ){ |
| 700 | prepFlags = SQLITE_PREPARE_PERSISTENT; |
| 701 | } |
| 702 | rc = sqlite3_prepare_v3(g.db, zSql, -1, prepFlags, &pStmt->pStmt, &zExtra); |
| 703 | if( rc!=0 && (flags & DB_PREPARE_IGNORE_ERROR)==0 ){ |
| 704 | db_err("%s\n%s", sqlite3_errmsg(g.db), zSql); |
| 705 | }else if( zExtra && !fossil_all_whitespace(zExtra) ){ |
| 706 | db_err("surplus text follows SQL: \"%s\"", zExtra); |
| 707 | } |
| @@ -760,10 +778,11 @@ | |
| 760 | blob_init(pSql, 0, 0); |
| 761 | zSql = blob_sql_text(&pStmt->sql); |
| 762 | db.nPrepare++; |
| 763 | rc = sqlite3_prepare_v3(g.db, zSql, -1, 0, &pStmt->pStmt, 0); |
| 764 | if( rc!=0 ){ |
| 765 | db_err("%s\n%s", sqlite3_errmsg(g.db), zSql); |
| 766 | } |
| 767 | pStmt->pNext = pStmt->pPrev = 0; |
| 768 | pStmt->nStep = 0; |
| 769 | pStmt->rc = rc; |
| @@ -1046,11 +1065,14 @@ | |
| 1046 | va_end(ap); |
| 1047 | z = blob_str(&sql); |
| 1048 | while( rc==SQLITE_OK && z[0] ){ |
| 1049 | pStmt = 0; |
| 1050 | rc = sqlite3_prepare_v2(g.db, z, -1, &pStmt, &zEnd); |
| 1051 | if( rc!=SQLITE_OK ) break; |
| 1052 | if( pStmt ){ |
| 1053 | int nRow = 0; |
| 1054 | db.nPrepare++; |
| 1055 | while( sqlite3_step(pStmt)==SQLITE_ROW ){ |
| 1056 | int i, n; |
| @@ -1080,10 +1102,11 @@ | |
| 1080 | const char *zEnd; |
| 1081 | while( rc==SQLITE_OK && z[0] ){ |
| 1082 | pStmt = 0; |
| 1083 | rc = sqlite3_prepare_v2(g.db, z, -1, &pStmt, &zEnd); |
| 1084 | if( rc ){ |
| 1085 | db_err("%s: {%s}", sqlite3_errmsg(g.db), z); |
| 1086 | }else if( pStmt ){ |
| 1087 | db.nPrepare++; |
| 1088 | db_append_dml(sqlite3_sql(pStmt)); |
| 1089 | while( sqlite3_step(pStmt)==SQLITE_ROW ){} |
| 1090 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -671,10 +671,27 @@ | |
| 671 | ** to zero to stop appending DML statement text. |
| 672 | */ |
| 673 | void db_append_dml_to_blob(Blob *pBlob){ |
| 674 | db.pDmlLog = pBlob; |
| 675 | } |
| 676 | |
| 677 | /* |
| 678 | ** This routine is a no-op on most builds. But if Fossil is built using |
| 679 | ** the FOSSIL_PENTEST compile-time option, and if the argument to this routine |
| 680 | ** contains the text "BUG", then that indicates a potential SQL injection |
| 681 | ** vulnerability. A panic is generated to bring this to the tester's |
| 682 | ** attention. |
| 683 | */ |
| 684 | void db_pentest(const char *zSql){ |
| 685 | #ifndef FOSSIL_PENTEST |
| 686 | (void)zSql; |
| 687 | #else |
| 688 | if( strstr(zSql,"BUG")!=0 ){ |
| 689 | fossil_panic("SQL Injection vulnerability!"); |
| 690 | } |
| 691 | #endif |
| 692 | } |
| 693 | |
| 694 | /* |
| 695 | ** Pause or unpause the DML log |
| 696 | */ |
| 697 | void db_pause_dml_log(void){ db.pauseDmlLog++; } |
| @@ -698,10 +715,11 @@ | |
| 715 | db_append_dml(zSql); |
| 716 | if( flags & DB_PREPARE_PERSISTENT ){ |
| 717 | prepFlags = SQLITE_PREPARE_PERSISTENT; |
| 718 | } |
| 719 | rc = sqlite3_prepare_v3(g.db, zSql, -1, prepFlags, &pStmt->pStmt, &zExtra); |
| 720 | if( rc!=0 ) db_pentest(zSql); |
| 721 | if( rc!=0 && (flags & DB_PREPARE_IGNORE_ERROR)==0 ){ |
| 722 | db_err("%s\n%s", sqlite3_errmsg(g.db), zSql); |
| 723 | }else if( zExtra && !fossil_all_whitespace(zExtra) ){ |
| 724 | db_err("surplus text follows SQL: \"%s\"", zExtra); |
| 725 | } |
| @@ -760,10 +778,11 @@ | |
| 778 | blob_init(pSql, 0, 0); |
| 779 | zSql = blob_sql_text(&pStmt->sql); |
| 780 | db.nPrepare++; |
| 781 | rc = sqlite3_prepare_v3(g.db, zSql, -1, 0, &pStmt->pStmt, 0); |
| 782 | if( rc!=0 ){ |
| 783 | db_pentest(zSql); |
| 784 | db_err("%s\n%s", sqlite3_errmsg(g.db), zSql); |
| 785 | } |
| 786 | pStmt->pNext = pStmt->pPrev = 0; |
| 787 | pStmt->nStep = 0; |
| 788 | pStmt->rc = rc; |
| @@ -1046,11 +1065,14 @@ | |
| 1065 | va_end(ap); |
| 1066 | z = blob_str(&sql); |
| 1067 | while( rc==SQLITE_OK && z[0] ){ |
| 1068 | pStmt = 0; |
| 1069 | rc = sqlite3_prepare_v2(g.db, z, -1, &pStmt, &zEnd); |
| 1070 | if( rc!=SQLITE_OK ){ |
| 1071 | db_pentest(z); |
| 1072 | break; |
| 1073 | } |
| 1074 | if( pStmt ){ |
| 1075 | int nRow = 0; |
| 1076 | db.nPrepare++; |
| 1077 | while( sqlite3_step(pStmt)==SQLITE_ROW ){ |
| 1078 | int i, n; |
| @@ -1080,10 +1102,11 @@ | |
| 1102 | const char *zEnd; |
| 1103 | while( rc==SQLITE_OK && z[0] ){ |
| 1104 | pStmt = 0; |
| 1105 | rc = sqlite3_prepare_v2(g.db, z, -1, &pStmt, &zEnd); |
| 1106 | if( rc ){ |
| 1107 | db_pentest(z); |
| 1108 | db_err("%s: {%s}", sqlite3_errmsg(g.db), z); |
| 1109 | }else if( pStmt ){ |
| 1110 | db.nPrepare++; |
| 1111 | db_append_dml(sqlite3_sql(pStmt)); |
| 1112 | while( sqlite3_step(pStmt)==SQLITE_ROW ){} |
| 1113 |
+1
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -1156,10 +1156,11 @@ | ||
| 1156 | 1156 | " AND constant_time_cmp(cookie,%Q)=0", |
| 1157 | 1157 | zLogin, zHash |
| 1158 | 1158 | ); |
| 1159 | 1159 | pStmt = 0; |
| 1160 | 1160 | rc = sqlite3_prepare_v2(pOther, zSQL, -1, &pStmt, 0); |
| 1161 | + if( rc!=SQLITE_OK ) db_pentest(zSQL); | |
| 1161 | 1162 | if( rc==SQLITE_OK && sqlite3_step(pStmt)==SQLITE_ROW ){ |
| 1162 | 1163 | db_unprotect(PROTECT_USER); |
| 1163 | 1164 | db_multi_exec( |
| 1164 | 1165 | "UPDATE user SET cookie=%Q, cexpire=%.17g" |
| 1165 | 1166 | " WHERE login=%Q", |
| 1166 | 1167 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1156,10 +1156,11 @@ | |
| 1156 | " AND constant_time_cmp(cookie,%Q)=0", |
| 1157 | zLogin, zHash |
| 1158 | ); |
| 1159 | pStmt = 0; |
| 1160 | rc = sqlite3_prepare_v2(pOther, zSQL, -1, &pStmt, 0); |
| 1161 | if( rc==SQLITE_OK && sqlite3_step(pStmt)==SQLITE_ROW ){ |
| 1162 | db_unprotect(PROTECT_USER); |
| 1163 | db_multi_exec( |
| 1164 | "UPDATE user SET cookie=%Q, cexpire=%.17g" |
| 1165 | " WHERE login=%Q", |
| 1166 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1156,10 +1156,11 @@ | |
| 1156 | " AND constant_time_cmp(cookie,%Q)=0", |
| 1157 | zLogin, zHash |
| 1158 | ); |
| 1159 | pStmt = 0; |
| 1160 | rc = sqlite3_prepare_v2(pOther, zSQL, -1, &pStmt, 0); |
| 1161 | if( rc!=SQLITE_OK ) db_pentest(zSQL); |
| 1162 | if( rc==SQLITE_OK && sqlite3_step(pStmt)==SQLITE_ROW ){ |
| 1163 | db_unprotect(PROTECT_USER); |
| 1164 | db_multi_exec( |
| 1165 | "UPDATE user SET cookie=%Q, cexpire=%.17g" |
| 1166 | " WHERE login=%Q", |
| 1167 |
+2
| --- src/report.c | ||
| +++ src/report.c | ||
| @@ -322,10 +322,11 @@ | ||
| 322 | 322 | |
| 323 | 323 | /* Compile the statement and check for illegal accesses or syntax errors. */ |
| 324 | 324 | report_restrict_sql(&zErr); |
| 325 | 325 | rc = sqlite3_prepare_v2(g.db, zSql, -1, &pStmt, &zTail); |
| 326 | 326 | if( rc!=SQLITE_OK ){ |
| 327 | + db_pentest(zSql); | |
| 327 | 328 | zErr = mprintf("Syntax error: %s", sqlite3_errmsg(g.db)); |
| 328 | 329 | } |
| 329 | 330 | if( !sqlite3_stmt_readonly(pStmt) ){ |
| 330 | 331 | zErr = mprintf("SQL must not modify the database"); |
| 331 | 332 | } |
| @@ -1049,10 +1050,11 @@ | ||
| 1049 | 1050 | |
| 1050 | 1051 | pStmt = 0; |
| 1051 | 1052 | rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover); |
| 1052 | 1053 | assert( rc==SQLITE_OK || pStmt==0 ); |
| 1053 | 1054 | if( rc!=SQLITE_OK ){ |
| 1055 | + db_pentest(zSql); | |
| 1054 | 1056 | return rc; |
| 1055 | 1057 | } |
| 1056 | 1058 | if( !pStmt ){ |
| 1057 | 1059 | /* this happens for a comment or white-space */ |
| 1058 | 1060 | return SQLITE_OK; |
| 1059 | 1061 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -322,10 +322,11 @@ | |
| 322 | |
| 323 | /* Compile the statement and check for illegal accesses or syntax errors. */ |
| 324 | report_restrict_sql(&zErr); |
| 325 | rc = sqlite3_prepare_v2(g.db, zSql, -1, &pStmt, &zTail); |
| 326 | if( rc!=SQLITE_OK ){ |
| 327 | zErr = mprintf("Syntax error: %s", sqlite3_errmsg(g.db)); |
| 328 | } |
| 329 | if( !sqlite3_stmt_readonly(pStmt) ){ |
| 330 | zErr = mprintf("SQL must not modify the database"); |
| 331 | } |
| @@ -1049,10 +1050,11 @@ | |
| 1049 | |
| 1050 | pStmt = 0; |
| 1051 | rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover); |
| 1052 | assert( rc==SQLITE_OK || pStmt==0 ); |
| 1053 | if( rc!=SQLITE_OK ){ |
| 1054 | return rc; |
| 1055 | } |
| 1056 | if( !pStmt ){ |
| 1057 | /* this happens for a comment or white-space */ |
| 1058 | return SQLITE_OK; |
| 1059 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -322,10 +322,11 @@ | |
| 322 | |
| 323 | /* Compile the statement and check for illegal accesses or syntax errors. */ |
| 324 | report_restrict_sql(&zErr); |
| 325 | rc = sqlite3_prepare_v2(g.db, zSql, -1, &pStmt, &zTail); |
| 326 | if( rc!=SQLITE_OK ){ |
| 327 | db_pentest(zSql); |
| 328 | zErr = mprintf("Syntax error: %s", sqlite3_errmsg(g.db)); |
| 329 | } |
| 330 | if( !sqlite3_stmt_readonly(pStmt) ){ |
| 331 | zErr = mprintf("SQL must not modify the database"); |
| 332 | } |
| @@ -1049,10 +1050,11 @@ | |
| 1050 | |
| 1051 | pStmt = 0; |
| 1052 | rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover); |
| 1053 | assert( rc==SQLITE_OK || pStmt==0 ); |
| 1054 | if( rc!=SQLITE_OK ){ |
| 1055 | db_pentest(zSql); |
| 1056 | return rc; |
| 1057 | } |
| 1058 | if( !pStmt ){ |
| 1059 | /* this happens for a comment or white-space */ |
| 1060 | return SQLITE_OK; |
| 1061 |
+1
| --- src/th_main.c | ||
| +++ src/th_main.c | ||
| @@ -1947,10 +1947,11 @@ | ||
| 1947 | 1947 | g.dbIgnoreErrors++; |
| 1948 | 1948 | rc = sqlite3_prepare_v2(g.db, argv[1], argl[1], &pStmt, &zTail); |
| 1949 | 1949 | g.dbIgnoreErrors--; |
| 1950 | 1950 | report_unrestrict_sql(); |
| 1951 | 1951 | if( rc!=0 || zErr!=0 ){ |
| 1952 | + db_pentest(argv[1]); | |
| 1952 | 1953 | if( noComplain ) return TH_OK; |
| 1953 | 1954 | Th_ErrorMessage(interp, "SQL error: ", |
| 1954 | 1955 | zErr ? zErr : sqlite3_errmsg(g.db), -1); |
| 1955 | 1956 | return TH_ERROR; |
| 1956 | 1957 | } |
| 1957 | 1958 |
| --- src/th_main.c | |
| +++ src/th_main.c | |
| @@ -1947,10 +1947,11 @@ | |
| 1947 | g.dbIgnoreErrors++; |
| 1948 | rc = sqlite3_prepare_v2(g.db, argv[1], argl[1], &pStmt, &zTail); |
| 1949 | g.dbIgnoreErrors--; |
| 1950 | report_unrestrict_sql(); |
| 1951 | if( rc!=0 || zErr!=0 ){ |
| 1952 | if( noComplain ) return TH_OK; |
| 1953 | Th_ErrorMessage(interp, "SQL error: ", |
| 1954 | zErr ? zErr : sqlite3_errmsg(g.db), -1); |
| 1955 | return TH_ERROR; |
| 1956 | } |
| 1957 |
| --- src/th_main.c | |
| +++ src/th_main.c | |
| @@ -1947,10 +1947,11 @@ | |
| 1947 | g.dbIgnoreErrors++; |
| 1948 | rc = sqlite3_prepare_v2(g.db, argv[1], argl[1], &pStmt, &zTail); |
| 1949 | g.dbIgnoreErrors--; |
| 1950 | report_unrestrict_sql(); |
| 1951 | if( rc!=0 || zErr!=0 ){ |
| 1952 | db_pentest(argv[1]); |
| 1953 | if( noComplain ) return TH_OK; |
| 1954 | Th_ErrorMessage(interp, "SQL error: ", |
| 1955 | zErr ? zErr : sqlite3_errmsg(g.db), -1); |
| 1956 | return TH_ERROR; |
| 1957 | } |
| 1958 |