Fossil SCM
Resolve mis-expansion of ATTACH DATABASE reported in [https://fossil-scm.org/forum/forumpost/e5cf69b8a0|forumpost/e5cf69b8a0].
Commit
bcdc2f44511bcfd692e993fdea55c44ad76eaa34866d0e8455770ca906b6a42f
Parent
54d93954a9848d6…
1 file changed
+2
-2
M
src/db.c
+2
-2
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -1286,17 +1286,17 @@ | ||
| 1286 | 1286 | blob_init(&key, 0, 0); |
| 1287 | 1287 | db_maybe_obtain_encryption_key(zDbName, &key); |
| 1288 | 1288 | if( fossil_getenv("FOSSIL_USE_SEE_TEXTKEY")==0 ){ |
| 1289 | 1289 | char *zCmd = sqlite3_mprintf("ATTACH DATABASE %Q AS %Q KEY %Q", |
| 1290 | 1290 | zDbName, zLabel, blob_str(&key)); |
| 1291 | - db_multi_exec(zCmd /*works-like:""*/); | |
| 1291 | + db_multi_exec("%s", zCmd /*safe-for-%s*/); | |
| 1292 | 1292 | fossil_secure_zero(zCmd, strlen(zCmd)); |
| 1293 | 1293 | sqlite3_free(zCmd); |
| 1294 | 1294 | }else{ |
| 1295 | 1295 | char *zCmd = sqlite3_mprintf("ATTACH DATABASE %Q AS %Q KEY ''", |
| 1296 | 1296 | zDbName, zLabel); |
| 1297 | - db_multi_exec(zCmd /*works-like:""*/); | |
| 1297 | + db_multi_exec("%s", zCmd /*safe-for-%s*/); | |
| 1298 | 1298 | sqlite3_free(zCmd); |
| 1299 | 1299 | #if USE_SEE |
| 1300 | 1300 | if( blob_size(&key)>0 ){ |
| 1301 | 1301 | sqlite3_key_v2(g.db, zLabel, blob_str(&key), -1); |
| 1302 | 1302 | } |
| 1303 | 1303 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -1286,17 +1286,17 @@ | |
| 1286 | blob_init(&key, 0, 0); |
| 1287 | db_maybe_obtain_encryption_key(zDbName, &key); |
| 1288 | if( fossil_getenv("FOSSIL_USE_SEE_TEXTKEY")==0 ){ |
| 1289 | char *zCmd = sqlite3_mprintf("ATTACH DATABASE %Q AS %Q KEY %Q", |
| 1290 | zDbName, zLabel, blob_str(&key)); |
| 1291 | db_multi_exec(zCmd /*works-like:""*/); |
| 1292 | fossil_secure_zero(zCmd, strlen(zCmd)); |
| 1293 | sqlite3_free(zCmd); |
| 1294 | }else{ |
| 1295 | char *zCmd = sqlite3_mprintf("ATTACH DATABASE %Q AS %Q KEY ''", |
| 1296 | zDbName, zLabel); |
| 1297 | db_multi_exec(zCmd /*works-like:""*/); |
| 1298 | sqlite3_free(zCmd); |
| 1299 | #if USE_SEE |
| 1300 | if( blob_size(&key)>0 ){ |
| 1301 | sqlite3_key_v2(g.db, zLabel, blob_str(&key), -1); |
| 1302 | } |
| 1303 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -1286,17 +1286,17 @@ | |
| 1286 | blob_init(&key, 0, 0); |
| 1287 | db_maybe_obtain_encryption_key(zDbName, &key); |
| 1288 | if( fossil_getenv("FOSSIL_USE_SEE_TEXTKEY")==0 ){ |
| 1289 | char *zCmd = sqlite3_mprintf("ATTACH DATABASE %Q AS %Q KEY %Q", |
| 1290 | zDbName, zLabel, blob_str(&key)); |
| 1291 | db_multi_exec("%s", zCmd /*safe-for-%s*/); |
| 1292 | fossil_secure_zero(zCmd, strlen(zCmd)); |
| 1293 | sqlite3_free(zCmd); |
| 1294 | }else{ |
| 1295 | char *zCmd = sqlite3_mprintf("ATTACH DATABASE %Q AS %Q KEY ''", |
| 1296 | zDbName, zLabel); |
| 1297 | db_multi_exec("%s", zCmd /*safe-for-%s*/); |
| 1298 | sqlite3_free(zCmd); |
| 1299 | #if USE_SEE |
| 1300 | if( blob_size(&key)>0 ){ |
| 1301 | sqlite3_key_v2(g.db, zLabel, blob_str(&key), -1); |
| 1302 | } |
| 1303 |