Make sure the authenticator does not try to authenticate columns in

subqueries.   Ticket #1607. (CVS 2939)

FossilOrigin-Name: 55b7dfaf4d3a6d01fffdaf1707e88bcd215d7333

manifest

@@ -1,5 +1,5 @@
-C Fix\sa\svdbe\sstack\soverflow\sproblem\sthat\scould\soccur\swith\sa\scorrelated\ssub-query.\s(CVS\s2938)
-D 2006-01-13T13:01:19
+C Make\ssure\sthe\sauthenticator\sdoes\snot\stry\sto\sauthenticate\scolumns\sin\nsubqueries.\s\s\sTicket\s#1607.\s(CVS\s2939)
+D 2006-01-13T13:55:45
 F Makefile.in ab3ffd8d469cef4477257169b82810030a6bb967
 F Makefile.linux-gcc aee18d8a05546dcf1888bd4547e442008a49a092
 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -33,7 +33,7 @@ F sqlite3.pc.in 985b9bf34192a549d7d370e0f0b6b34a4f61369a
 F src/alter.c 4139c8f1d0f12b1759e767b1d09dd594e2b5ac1d
 F src/analyze.c 7d2b7ab9a9c2fd6e55700f69064dfdd3e36d7a8a
 F src/attach.c d4b9d8bd71d72409720946355be41cafb6c09079
-F src/auth.c cdec356a5cd8b217c346f816c5912221537fe87f
+F src/auth.c 9ae84d2d94eb96195e04515715e08e85963e96c2
 F src/btree.c fe2bdc08a1fc5847eb7eebfce5251558440dcc28
 F src/btree.h 5663c4f43e8521546ccebc8fc95acb013b8f3184
 F src/build.c 6db3dcb70ae17dcd303493c021e6dd233217828f
@@ -107,7 +107,7 @@ F test/attach.test dae07fa1554b618b9cc4c7bc349b3bc1a532180e
 F test/attach2.test 0e6a7c54343c85dd877a1e86073a05176043ed40
 F test/attach3.test 63013383adc4380af69779f34f4af19bd49f7cbe
 F test/attachmalloc.test cdb26c42850f04698377ccec05f5fa89d987837c
-F test/auth.test 973ae7274eae32c4453fbbcbd0ec2b80c5b1eeb3
+F test/auth.test 487fdd95cf1f765815455012e7338d9019bf8852
 F test/autoinc.test 60005a676e3e4e17dfa9dbd08aa0b76587ff97e3
 F test/autovacuum.test 9471d58a08b14dc0d2c15b87583c46d1744343d6
 F test/autovacuum_crash.test 05a63b8805b20cfba7ace82856ce4ccdda075a31
@@ -340,7 +340,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl a99cf5f6d8bd4d5537584a2b342f0fb9fa601d8b
 F www/whentouse.tcl 97e2b5cd296f7d8057e11f44427dea8a4c2db513
-P 5e46ec01ff3fe8654fc267efbb12d2d1b01c48aa
-R dcb9fd33555e157fe0ad7a05ab19e97e
-U danielk1977
-Z 81727b2a642e7063a9db6351127fac13
+P caa7da807d6578f7d8848978a7d3175b6ea1743b
+R 6f79ad1aee69a2aa6006e2d298cd5d79
+U drh
+Z b22000ffe605fffb14ba67c5c1828077

manifest.uuid

@@ -1 +1 @@
-caa7da807d6578f7d8848978a7d3175b6ea1743b
+55b7dfaf4d3a6d01fffdaf1707e88bcd215d7333

src/auth.c

@@ -14,7 +14,7 @@
 ** systems that do not need this facility may omit it by recompiling
 ** the library with -DSQLITE_OMIT_AUTHORIZATION=1
 **
-** $Id: auth.c,v 1.23 2006/01/05 11:34:34 danielk1977 Exp $
+** $Id: auth.c,v 1.24 2006/01/13 13:55:45 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -118,6 +118,11 @@ void sqlite3AuthRead(
   if( pExpr->op==TK_AS ) return;
   assert( pExpr->op==TK_COLUMN );
   iDb = sqlite3SchemaToIndex(pParse->db, pExpr->pSchema);
+  if( iDb<0 ){
+    /* An attempt to read a column out of a subquery or other
+    ** temporary table. */
+    return;
+  }
   for(iSrc=0; pTabList && iSrc<pTabList->nSrc; iSrc++){
     if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
   }
@@ -142,7 +147,7 @@ void sqlite3AuthRead(
   }else{
     zCol = "ROWID";
   }
-  assert( iDb<db->nDb );
+  assert( iDb>=0 && iDb<db->nDb );
   zDBase = db->aDb[iDb].zName;
   rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase, 
                  pParse->zAuthContext);

test/auth.test

@@ -12,7 +12,7 @@
 # focus of this script is testing the ATTACH and DETACH commands
 # and related functionality.
 #
-# $Id: auth.test,v 1.29 2005/07/29 15:36:15 drh Exp $
+# $Id: auth.test,v 1.30 2006/01/13 13:55:45 drh Exp $
 #
 
 set testdir [file dirname $argv0]
@@ -2207,6 +2207,17 @@ do_test auth-5.1 {
   }
 } {1}
 
+# Ticket #1607
+#
+do_test auth-5.2 {
+  execsql {
+    SELECT name FROM (
+      SELECT * FROM sqlite_master UNION ALL SELECT * FROM sqlite_temp_master)
+    WHERE type='table'
+    ORDER BY name
+  }
+} {sqlite_stat1 t1 t2 t3 t4 tx v1chng}
+
 
 rename proc {}
 rename proc_real proc