<b>API Change:</b> Modify sqlite3_enable_load_extension() so that it only

enables/disables the load_extension() SQL function, and leaves the C-APIs enabled at all times. In this way, applications can enable extension loading for the C interface without having to expose that capability to the SQL. FossilOrigin-Name: edb454e45ae008e051e2f48d704a855b0c3e4be9
2016-04-20 00:30:05 +00:00 · 2016-04-20 00:30:05 +00:00 · 1a55dedf7b
commit 1a55dedf7b
parent a6dddd9bde
4 changed files with 19 additions and 23 deletions
--- a/17
+++ b/17
@ -1,5 +1,5 @@
-C Remove\squotes\sfrom\sidentifiers\sused\sas\sdatatype\snames\sin\sa\sCREATE\sTABLE\nstatement.\s\sFix\sfor\sticket\s[7d7525cb01b68]
-D 2016-04-18T15:46:14.499
+C <b>API\sChange:</b>\sModify\ssqlite3_enable_load_extension()\sso\sthat\sit\sonly\nenables/disables\sthe\sload_extension()\sSQL\sfunction,\sand\sleaves\sthe\sC-APIs\nenabled\sat\sall\stimes.\s\sIn\sthis\sway,\sapplications\scan\senable\sextension\sloading\nfor\sthe\sC\sinterface\swithout\shaving\sto\sexpose\sthat\scapability\sto\sthe\sSQL.
+D 2016-04-20T00:30:05.107
 F Makefile.in eba680121821b8a60940a81454316f47a341487a
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 71b8b16cf9393f68e2e2035486ca104872558836
@ -332,14 +332,14 @@ F src/delete.c 78eb999114ec04fcf1b7d123ccedb4b5b734930e
 F src/expr.c 17d4e745ef6a3fd2e4ef863f5f9a4912f1ba1198
 F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb
 F src/fkey.c 4c0bd09e602b8ae8d36d81e31e4872d0b53c87bb
-F src/func.c 552d300265aed09eea21f68ac742a440550c0062
+F src/func.c 2105701329de3fc2bf47c4153181d412f9f1531c
 F src/global.c c45ea22aff29334f6a9ec549235ac3357c970015
 F src/hash.c 4263fbc955f26c2e8cdc0cf214bc42435aa4e4f5
 F src/hash.h c8f3c31722cf3277d03713909761e152a5b81094
 F src/hwtime.h d32741c8f4df852c7d959236615444e2b1063b08
 F src/insert.c 8f4e9fcbd8e95e85f15647ba8b413b18d556ec2b
 F src/legacy.c 75d3023be8f0d2b99d60f905090341a03358c58e
-F src/loadext.c e70f8f9e97624a232870ea5486e682c813ac3002
+F src/loadext.c 3f74ec102096acc2e33379c8379fced14b66858a
 F src/main.c 5ac9dccc03faadd6f867f67b9018ff41eeeadb46
 F src/malloc.c 1443d1ad95d67c21d77af7ae3f44678252f0efec
 F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
@ -1482,7 +1482,10 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 3a7d72986fabe9434ff5bd02c93169314f072b23
-R 761e3cafabae5f2f003bf21bdc2befe8
+P eba27d4d17a76884292667d570d542e580ee3e77
+R 9873f5bcb700ee71f0df5e53b0b9f6e3
+T *branch * load-ext-security
+T *sym-load-ext-security *
+T -sym-trunk *
 U drh
-Z 8a9e64fdc933327d2408de0f01f55efc
+Z 9467a7a3e92ef67650d6a6e01e05bbf1
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-eba27d4d17a76884292667d570d542e580ee3e77
+edb454e45ae008e051e2f48d704a855b0c3e4be9
--- a/src/func.c
+++ b/src/func.c
@ -1386,6 +1386,14 @@ static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){
  sqlite3 *db = sqlite3_context_db_handle(context);
  char *zErrMsg = 0;

+  /* Disallow the load_extension function unless the SQLITE_LoadExtension
+  ** flag is set.  See the sqlite3_enable_load_extension() API.
+  */
+  if( (db->flags & SQLITE_LoadExtension)==0 ){
+    sqlite3_result_error(context, "not authorized", -1);
+    return;
+  }
+
  if( argc==2 ){
    zProc = (const char *)sqlite3_value_text(argv[1]);
  }else{
--- a/src/loadext.c
+++ b/src/loadext.c
@ -460,22 +460,7 @@ static int sqlite3LoadExtension(


  if( pzErrMsg ) *pzErrMsg = 0;
-
-  /* Ticket #1863.  To avoid a creating security problems for older
-  ** applications that relink against newer versions of SQLite, the
-  ** ability to run load_extension is turned off by default.  One
-  ** must call sqlite3_enable_load_extension() to turn on extension
-  ** loading.  Otherwise you get the following error.
-  */
-  if( (db->flags & SQLITE_LoadExtension)==0 ){
-    if( pzErrMsg ){
-      *pzErrMsg = sqlite3_mprintf("not authorized");
-    }
-    return SQLITE_ERROR;
-  }
-
  zEntry = zProc ? zProc : "sqlite3_extension_init";
-
  handle = sqlite3OsDlOpen(pVfs, zFile);
 #if SQLITE_OS_UNIX || SQLITE_OS_WIN
  for(ii=0; ii<ArraySize(azEndings) && handle==0; ii++){