Add compile time option SQLITE_ENABLE_URI_00_ERROR. If defined, any "%00"

escape found in a URI is treated as an error. FossilOrigin-Name: e8a9bfece27e2af178a206ad6bce3f24d64e7ee4
2016-10-26 12:15:41 +00:00 · 2016-10-26 12:15:41 +00:00 · 5c35e90377
parent 01e697b4ec
commit 5c35e90377
7 changed files with 90 additions and 10 deletions
--- a/22
+++ b/22
@ -1,5 +1,5 @@
-C Add\stest\scase\sto\sdemonstrate\sa\s"BEGIN\sEXCLUSIVE"\scommand\sreturning\nSQLITE_BUSY_SNAPSHOT.
-D 2016-10-25T15:06:11.142
+C Add\scompile\stime\soption\sSQLITE_ENABLE_URI_00_ERROR.\sIf\sdefined,\sany\s"%00"\nescape\sfound\sin\sa\sURI\sis\streated\sas\san\serror.
+D 2016-10-26T12:15:41.516
 F Makefile.in 6fd48ffcf7c2deea7499062d1f3747f986c19678
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 5151cc64c4c05f3455f4f692ad11410a810d937f
@ -336,7 +336,7 @@ F src/btreeInt.h c18b7d2a3494695133e4e60ee36061d37f45d9a5
 F src/build.c 59dcfdc1ee55439d069af301ef7f2e84421b5102
 F src/callback.c 2e76147783386374bf01b227f752c81ec872d730
 F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e
-F src/ctime.c 72c9d01cf446069234e9b54db6fec3e1fc063f58
+F src/ctime.c a2a52d6e353f459d8ab0f07321f60fafa47d5421
 F src/date.c 95c9a8d00767e7221a8e9a31f4e913fc8029bf6b
 F src/dbstat.c 19ee7a4e89979d4df8e44cfac7a8f905ec89b77d
 F src/delete.c cb3f6300df24c26c609778b2731f82644b5532ec
@ -352,7 +352,7 @@ F src/in-operator.md 10cd8f4bcd225a32518407c2fb2484089112fd71
 F src/insert.c 2d5e197f2f60351937b201196965fd14cd88489c
 F src/legacy.c 75d3023be8f0d2b99d60f905090341a03358c58e
 F src/loadext.c 5d6642d141c07d366e43d359e94ec9de47add41d
-F src/main.c 395bfa7a200943395f7742a40b6671ec400559ea
+F src/main.c 6890ce0118968d17b18ba52ce2c99166484502ab
 F src/malloc.c 5ee7c2d3dcb1b0a902c9c6d0115deef54736bdfa
 F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
 F src/mem1.c 6919bcf12f221868ea066eec27e579fed95ce98b
@ -412,7 +412,7 @@ F src/test_backup.c bf5da90c9926df0a4b941f2d92825a01bbe090a0
 F src/test_bestindex.c d23f80d334c59662af69191854c76b8d3d0c8c96
 F src/test_blob.c a0f7ad49a0c9d4b72f693fe2a71c58d7e507174d
 F src/test_btree.c 8b2dc8b8848cf3a4db93f11578f075e82252a274
-F src/test_config.c 4d3d4a886416f369771d69a6dba926866deda788
+F src/test_config.c 371853b4691b482ec0bcdf77ec9e3f96dca75b04
 F src/test_delete.c 32690ea215abf29dda589a580cd1b790389759b6
 F src/test_demovfs.c a0c3bdd45ed044115c2c9f7779e56eafff18741e
 F src/test_devsym.c 4e58dec2602d8e139ca08659f62a62450587cb58
@ -1336,7 +1336,8 @@ F test/unique2.test 3674e9f2a3f1fbbfd4772ac74b7a97090d0f77d2
 F test/unixexcl.test d936ba2b06794018e136418addd59a2354eeae97
 F test/unordered.test ca7adce0419e4ca0c50f039885e76ed2c531eda8
 F test/update.test 6c68446b8a0a33d522a7c72b320934596a2d7d32
-F test/uri.test 6630ecbdea2aac10df3c89dbae2243f4c2c353e4
+F test/uri.test 3481026f00ade6dfe8adb7acb6e1e47b04369568
+F test/uri2.test 9d493160caf4f9906cc72d6fa3b19dba91265a70
 F test/userauth01.test e740a2697a7b40d7c5003a7d7edaee16acd349a9
 F test/utf16align.test 54cd35a27c005a9b6e7815d887718780b6a462ae
 F test/vacuum.test ce91c39f7f91a4273bf620efad21086b5aa6ef1d
@ -1527,7 +1528,10 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 98795c2dd9a6d8fa8d49a9f5c36cdf824cae7246
-R e30d5f9c1b1789e2c9a0ef25079fdb1b
+P b115856408b6aa5538be67beb619d7aff0630bea
+R e2d2bf4e59ce1ff8b210e1974b182dc4
+T *branch * uri-00-error
+T *sym-uri-00-error *
+T -sym-trunk *
 U dan
-Z 8c4ba873f6fa2463459d3dd02e3529e2
+Z 46faa36cce6bb438993a61c047f9eda6
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-b115856408b6aa5538be67beb619d7aff0630bea
+e8a9bfece27e2af178a206ad6bce3f24d64e7ee4
--- a/src/ctime.c
+++ b/src/ctime.c
@ -155,6 +155,9 @@ static const char * const azCompileOpt[] = {
 #if SQLITE_ENABLE_UPDATE_DELETE_LIMIT
  "ENABLE_UPDATE_DELETE_LIMIT",
 #endif
+#if defined(SQLITE_ENABLE_URI_00_ERROR)
+  "ENABLE_URI_00_ERROR",
+#endif
 #if SQLITE_HAS_CODEC
  "HAS_CODEC",
 #endif
--- a/src/main.c
+++ b/src/main.c
@ -2615,6 +2615,7 @@ int sqlite3ParseUri(

        assert( octet>=0 && octet<256 );
        if( octet==0 ){
+#ifndef SQLITE_ENABLE_URI_00_ERROR
          /* This branch is taken when "%00" appears within the URI. In this
          ** case we ignore all text in the remainder of the path, name or
          ** value currently being parsed. So ignore the current character
@ -2627,6 +2628,12 @@ int sqlite3ParseUri(
            iIn++;
          }
          continue;
+#else
+          /* If ENABLE_URI_00_ERROR is defined, "%00" in a URI is an error. */
+          *pzErrMsg = sqlite3_mprintf("unexpected %%00 in uri");
+          rc = SQLITE_ERROR;
+          goto parse_uri_out;
+#endif
        }
        c = octet;
      }else if( eState==1 && (c=='&' || c=='=') ){
--- a/src/test_config.c
+++ b/src/test_config.c
@ -714,6 +714,12 @@ Tcl_SetVar2(interp, "sqlite_options", "mergesort", "1", TCL_GLOBAL_ONLY);
  Tcl_SetVar2(interp, "sqlite_options", "sqllog", "0", TCL_GLOBAL_ONLY);
 #endif

+#ifdef SQLITE_ENABLE_URI_00_ERROR
+  Tcl_SetVar2(interp, "sqlite_options", "uri_00_error", "1", TCL_GLOBAL_ONLY);
+#else
+  Tcl_SetVar2(interp, "sqlite_options", "uri_00_error", "0", TCL_GLOBAL_ONLY);
+#endif
+
 #define LINKVAR(x) { \
    static const int cv_ ## x = SQLITE_ ## x; \
    Tcl_LinkVar(interp, "SQLITE_" #x, (char *)&(cv_ ## x), \
--- a/test/uri.test
+++ b/test/uri.test
@ -55,6 +55,10 @@ foreach {tn uri file} {

  ifcapable !curdir { if {$tn==3} break }

+  ifcapable uri_00_error {
+    if {[string first %00 $uri]>=0} continue
+  }
+
  if {$tcl_platform(platform)=="windows"} {
    #
    # NOTE: Due to limits on legal characters for file names imposed by
@ -124,6 +128,10 @@ foreach {tn uri kvlist} {
  14     http:test.db?hello&world                     {}
 } {

+  ifcapable uri_00_error {
+    if {[string first %00 $uri]>=0} continue
+  }
+
  if {$tcl_platform(platform) == "windows" && $tn>12} {
    continue
  }
--- a/test/uri2.test
+++ b/test/uri2.test
@ -0,0 +1,52 @@
+# 2016 October 26
+#
+# The author disclaims copyright to this source code.  In place of
+# a legal notice, here is a blessing:
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+#
+# Tests for SQLITE_ENABLE_URI_00_ERROR builds.
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+ifcapable !uri_00_error {
+  finish_test
+  return
+}
+
+set testprefix uri2
+db close
+sqlite3_shutdown
+sqlite3_config_uri 1
+
+foreach {tn uri} {
+  1 file:test.db%00trailing
+  2 file:test.db?%00trailing=1
+  3 file:test.db?trailing=1%00
+  4 file:test.db?trailing=1&abc%00def
+  5 file:test.db?trailing=1&abc%00def
+} {
+  do_test 1.$tn.1 {
+    set rc [catch { sqlite3 db $uri } msg]
+    list $rc $msg
+  } {1 {unexpected %00 in uri}}
+
+  do_test 1.$tn.2 {
+    sqlite3 db ""
+    catchsql { ATTACH $uri AS aux }
+  } {1 {unexpected %00 in uri}}
+
+  catch { db close }
+}
+
+reset_db
+do_test 2.0 {
+  expr {[lsearch [execsql {PRAGMA compile_options}] ENABLE_URI_00_ERROR] >= 0}
+} 1
+
+finish_test