Fossil SCM
Fix the REGEXP operator in SQL so that it returns false if the RHS is not a valid regular expression, rather than raising an error. This prevents strange error pages from being returned if a hacker submits a request that includes an invalid regular expression.
Commit
c50da2eaa428133d0f3cece73059299f190b60f744e22ae27993ef81fde63c0d
Parent
dcb55e6731fc55b…
1 file changed
+2
-1
+2
-1
| --- src/regexp.c | ||
| +++ src/regexp.c | ||
| @@ -711,11 +711,12 @@ | ||
| 711 | 711 | zPattern = (const char*)sqlite3_value_text(argv[0]); |
| 712 | 712 | if( zPattern==0 ) return; |
| 713 | 713 | zErr = re_compile(&pRe, zPattern, sqlite3_user_data(context)!=0); |
| 714 | 714 | if( zErr ){ |
| 715 | 715 | re_free(pRe); |
| 716 | - sqlite3_result_error(context, zErr, -1); | |
| 716 | + sqlite3_result_int(context, 0); | |
| 717 | + /* sqlite3_result_error(context, zErr, -1); */ | |
| 717 | 718 | return; |
| 718 | 719 | } |
| 719 | 720 | if( pRe==0 ){ |
| 720 | 721 | sqlite3_result_error_nomem(context); |
| 721 | 722 | return; |
| 722 | 723 |
| --- src/regexp.c | |
| +++ src/regexp.c | |
| @@ -711,11 +711,12 @@ | |
| 711 | zPattern = (const char*)sqlite3_value_text(argv[0]); |
| 712 | if( zPattern==0 ) return; |
| 713 | zErr = re_compile(&pRe, zPattern, sqlite3_user_data(context)!=0); |
| 714 | if( zErr ){ |
| 715 | re_free(pRe); |
| 716 | sqlite3_result_error(context, zErr, -1); |
| 717 | return; |
| 718 | } |
| 719 | if( pRe==0 ){ |
| 720 | sqlite3_result_error_nomem(context); |
| 721 | return; |
| 722 |
| --- src/regexp.c | |
| +++ src/regexp.c | |
| @@ -711,11 +711,12 @@ | |
| 711 | zPattern = (const char*)sqlite3_value_text(argv[0]); |
| 712 | if( zPattern==0 ) return; |
| 713 | zErr = re_compile(&pRe, zPattern, sqlite3_user_data(context)!=0); |
| 714 | if( zErr ){ |
| 715 | re_free(pRe); |
| 716 | sqlite3_result_int(context, 0); |
| 717 | /* sqlite3_result_error(context, zErr, -1); */ |
| 718 | return; |
| 719 | } |
| 720 | if( pRe==0 ){ |
| 721 | sqlite3_result_error_nomem(context); |
| 722 | return; |
| 723 |