Improve the defenses against bad pathnames input into the findCreateFileMode()

function of os_unix.c in order to quiet static-analyzer warnings.  There
are no demonstrated problems in the prior code, but this change makes the code
easier to prove correct and more robust against future changes.

FossilOrigin-Name: a9cda38997a692e25d2fe994a9a3fb9472c00ba04323c82e706fdb1112d4244e
This commit is contained in:
drh 2022-03-09 12:20:40 +00:00
parent 32135d7e0a
commit 577f0a1e45
3 changed files with 21 additions and 18 deletions


@ -1,5 +1,5 @@
C Fix\sa\sminor\stypo\sin\sa\scomment.
D 2022-03-08T15:49:17.727
C Improve\sthe\sdefenses\sagainst\sbad\spathnames\sinput\sinto\sthe\sfindCreateFileMode()\nfunction\sof\sos_unix.c\sin\sorder\sto\squiet\sstatic-analyzer\swarnings.\s\sThere\nare\sno\sdemonstrated\sproblems\sin\sthe\sprior\scode,\sbut\sthis\schange\smakes\sthe\scode\neasier\sto\sprove\scorrect\sand\smore\srobust\sagainst\sfuture\schanges.
D 2022-03-09T12:20:40.382
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@ -536,7 +536,7 @@ F src/os.c b1c4f2d485961e9a5b6b648c36687d25047c252222e9660b7cc25a6e1ea436ab
F src/os.h 26890f540b475598cd9881dcc68931377b8d429d3ea3e2eeb64470cde64199f8
F src/os_common.h b2f4707a603e36811d9b1a13278bffd757857b85
F src/os_setup.h 0dbaea40a7d36bf311613d31342e0b99e2536586
F src/os_unix.c f5ad51cfd024116db8531feab9efd831c2621436dca1464e4ff1e8af9bf3252e
F src/os_unix.c f0dc85d439ece53120c4071c98876758ec24e6f713b67af3711af033c897091e
F src/os_win.c 77d39873836f1831a9b0b91894fec45ab0e9ca8e067dc8c549e1d1eca1566fe9
F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a
F src/pager.c 42120492784fc9bcd9082b5c9b5e329b7318c357f9f3574a1bbfcf7418910356
@ -1944,8 +1944,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P 5e30c6ea707f9d381127e8b2bb59e0b39bc00997da2c14d32a0e302d0121203b
R dd5da23e574023e92e905ca7b95262f2
P cf61419f8816377f40ea032e1e3fb8b765ff7eb5b3a5ece8f7b59acffc5d3f05
R 4636c384f511b3ce8faf4df959f18ada
U drh
Z b1ecbf8808dd4301db6e0ee5abe242f9
Z d8f9c4f94a9d430581376bee45736088
# Remove this line to create a well-formed Fossil manifest.


@ -1 +1 @@
cf61419f8816377f40ea032e1e3fb8b765ff7eb5b3a5ece8f7b59acffc5d3f05
a9cda38997a692e25d2fe994a9a3fb9472c00ba04323c82e706fdb1112d4244e


@ -6011,20 +6011,23 @@ static int findCreateFileMode(
**
** where NN is a decimal number. The NN naming schemes are
** used by the test_multiplex.c module.
**
** In normal operation, the journal file name will always contain
** a '-' character. However in 8+3 filename mode, or if a corrupt
** rollback journal specifies a super-journal with a goofy name, then
** the '-' might be missing or the '-' might be the first character in
** the filename. In that case, just return SQLITE_OK with *pMode==0.
*/
nDb = sqlite3Strlen30(zPath) - 1;
while( zPath[nDb]!='-' ){
/* In normal operation, the journal file name will always contain
** a '-' character. However in 8+3 filename mode, or if a corrupt
** rollback journal specifies a super-journal with a goofy name, then
** the '-' might be missing. */
if( nDb==0 || zPath[nDb]=='.' ) return SQLITE_OK;
nDb = sqlite3Strlen30(zPath) - 1;
while( nDb>0 && zPath[nDb]!='.' ){
if( zPath[nDb]=='-' ){
memcpy(zDb, zPath, nDb);
zDb[nDb] = '\0';
rc = getFileMode(zDb, pMode, pUid, pGid);
break;
}
nDb--;
}
memcpy(zDb, zPath, nDb);
zDb[nDb] = '\0';
rc = getFileMode(zDb, pMode, pUid, pGid);
}else if( flags & SQLITE_OPEN_DELETEONCLOSE ){
*pMode = 0600;
}else if( flags & SQLITE_OPEN_URI ){
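Review bot: The case where no '-' precedes the last '.' now drops out of the while loop and falls through to the rest of the if/else chain instead of returning, so the documented `*pMode==0` / SQLITE_OK outcome relies on `rc` and `*pMode` having been initialised before the chain. Those initialisations and the declaration of `zDb` are outside this hunk (findCreateFileMode begins before it and continues after it), so they should be confirmed rather than assumed. The `memcpy(zDb, zPath, nDb)` in the new loop is bounded only by the position of the '-' within zPath, so it is safe only if the capacity of zDb exceeds the longest path a caller can pass, and the hunk gives no evidence of that bound. A comment at the memcpy such as `/* nDb < sizeof(zDb): caller bounds the length of zPath -- confirm */` would record the invariant the static analyzer cannot see.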