Prevent users from creating zipfile() virtual tables without an argument.
FossilOrigin-Name: 81fdbe0cc5a360f818078d47a5888d0a29d555927da279a9a0213702d74ef09a
This commit is contained in:
dan
parent
ea4125bbef
commit
fdcd9d4e6c
@ -318,6 +318,21 @@ static int zipfileConnect(
|
||||
ZipfileTab *pNew = 0;
|
||||
int rc;
|
||||
|
||||
/* If the table name is not "zipfile", require that the argument be
|
||||
** specified. This stops zipfile tables from being created as:
|
||||
**
|
||||
** CREATE VIRTUAL TABLE zzz USING zipfile();
|
||||
**
|
||||
** It does not prevent:
|
||||
**
|
||||
** CREATE VIRTUAL TABLE zipfile USING zipfile();
|
||||
*/
|
||||
assert( 0==sqlite3_stricmp(argv[0], "zipfile") );
|
||||
if( (0!=sqlite3_stricmp(argv[2], "zipfile") && argc<4) || argc>4 ){
|
||||
*pzErr = sqlite3_mprintf("zipfile constructor requires one argument");
|
||||
return SQLITE_ERROR;
|
||||
}
|
||||
|
||||
if( argc>3 ){
|
||||
zFile = argv[3];
|
||||
nFile = (int)strlen(zFile)+1;
|
||||
@ -1725,72 +1740,6 @@ static void zipfileFunctionCds(
|
||||
}
|
||||
}
|
||||
|
||||
static void zipfileFunctionBlob(
|
||||
sqlite3_context *context,
|
||||
int argc,
|
||||
sqlite3_value **argv
|
||||
){
|
||||
ZipfileCsr *pCsr;
|
||||
ZipfileTab *pTab = (ZipfileTab*)sqlite3_user_data(context);
|
||||
ZipfileEntry *p;
|
||||
int nBody = 0;
|
||||
int nCds = 0;
|
||||
int nEocd = ZIPFILE_EOCD_FIXED_SZ;
|
||||
ZipfileEOCD eocd;
|
||||
|
||||
u8 *aZip;
|
||||
int nZip;
|
||||
|
||||
u8 *aBody;
|
||||
u8 *aCds;
|
||||
|
||||
pCsr = zipfileFindCursor(pTab, sqlite3_value_int64(argv[0]));
|
||||
if( pCsr->pFile || pTab->zFile ){
|
||||
sqlite3_result_error(context, "illegal use of zipfile_blob()", -1);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Figure out how large the final file will be */
|
||||
for(p=pTab->pFirstEntry; p; p=p->pNext){
|
||||
nBody += ZIPFILE_LFH_FIXED_SZ + p->cds.nFile + 9 + p->cds.szCompressed;
|
||||
nCds += ZIPFILE_CDS_FIXED_SZ + p->cds.nFile + 9;
|
||||
}
|
||||
|
||||
/* Allocate space to create the serialized file */
|
||||
nZip = nBody + nCds + nEocd;
|
||||
aZip = (u8*)sqlite3_malloc(nZip);
|
||||
if( aZip==0 ){
|
||||
sqlite3_result_error_nomem(context);
|
||||
return;
|
||||
}
|
||||
aBody = aZip;
|
||||
aCds = &aZip[nBody];
|
||||
|
||||
/* Populate the body and CDS */
|
||||
memset(&eocd, 0, sizeof(eocd));
|
||||
for(p=pTab->pFirstEntry; p; p=p->pNext){
|
||||
p->cds.iOffset = (aBody - aZip);
|
||||
aBody += zipfileSerializeLFH(p, aBody);
|
||||
if( p->cds.szCompressed ){
|
||||
memcpy(aBody, p->aData, p->cds.szCompressed);
|
||||
aBody += p->cds.szCompressed;
|
||||
}
|
||||
aCds += zipfileSerializeCDS(p, aCds);
|
||||
eocd.nEntry++;
|
||||
}
|
||||
|
||||
/* Append the EOCD record */
|
||||
assert( aBody==&aZip[nBody] );
|
||||
assert( aCds==&aZip[nBody+nCds] );
|
||||
eocd.nEntryTotal = eocd.nEntry;
|
||||
eocd.nSize = nCds;
|
||||
eocd.iOffset = nBody;
|
||||
zipfileSerializeEOCD(&eocd, aCds);
|
||||
|
||||
sqlite3_result_blob(context, aZip, nZip, zipfileFree);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
** xFindFunction method.
|
||||
*/
|
||||
@ -1807,11 +1756,6 @@ static int zipfileFindFunction(
|
||||
*ppArg = (void*)pVtab;
|
||||
return 1;
|
||||
}
|
||||
if( sqlite3_stricmp("zipfile_blob", zName)==0 ){
|
||||
*pxFunc = zipfileFunctionBlob;
|
||||
*ppArg = (void*)pVtab;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -2091,7 +2035,6 @@ static int zipfileRegister(sqlite3 *db){
|
||||
|
||||
int rc = sqlite3_create_module(db, "zipfile" , &zipfileModule, 0);
|
||||
if( rc==SQLITE_OK ) rc = sqlite3_overload_function(db, "zipfile_cds", -1);
|
||||
if( rc==SQLITE_OK ) rc = sqlite3_overload_function(db, "zipfile_blob", -1);
|
||||
if( rc==SQLITE_OK ){
|
||||
rc = sqlite3_create_function(db, "zipfile", -1, SQLITE_UTF8, 0, 0,
|
||||
zipfileStep, zipfileFinal
|
||||
|
||||
14
manifest
14
manifest
@ -1,5 +1,5 @@
|
||||
C Add\sunix-only\stests\sto\scheck\sthat\sthe\s"unzip"\sprogram\scan\sunpack\sarchives\ngenerated\sby\sthe\szipfile\sextension.
|
||||
D 2018-01-29T19:47:32.262
|
||||
C Prevent\susers\sfrom\screating\szipfile()\svirtual\stables\swithout\san\sargument.
|
||||
D 2018-01-30T14:07:55.726
|
||||
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
||||
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
||||
F Makefile.in 7a3f714b4fcf793108042b7b0a5c720b0b310ec84314d61ba7f3f49f27e550ea
|
||||
@ -304,7 +304,7 @@ F ext/misc/vfsstat.c bf10ef0bc51e1ad6756629e1edb142f7a8db1178
|
||||
F ext/misc/vtablog.c 31d0d8f4406795679dcd3a67917c213d3a2a5fb3ea5de35f6e773491ed7e13c9
|
||||
F ext/misc/vtshim.c 1976e6dd68dd0d64508c91a6dfab8e75f8aaf6cd
|
||||
F ext/misc/wholenumber.c 784b12543d60702ebdd47da936e278aa03076212
|
||||
F ext/misc/zipfile.c 73d932caf69fea8ba42b58ce2cea0fbea2c126a355498fd215008f61651ec661
|
||||
F ext/misc/zipfile.c ead25f062cee790b7c764ce8d2c6ad32a7ac82fc31ea80f69be99948f96f2d19
|
||||
F ext/rbu/rbu.c ea7d1b7eb44c123a2a619332e19fe5313500705c4a58aaa1887905c0d83ffc2e
|
||||
F ext/rbu/rbu1.test 43836fac8c7179a358eaf38a8a1ef3d6e6285842
|
||||
F ext/rbu/rbu10.test 1846519a438697f45e9dcb246908af81b551c29e1078d0304fae83f1fed7e9ee
|
||||
@ -1603,7 +1603,7 @@ F test/wordcount.c cb589cec469a1d90add05b1f8cee75c7210338d87a5afd65260ed5c0f4bbf
|
||||
F test/writecrash.test f1da7f7adfe8d7f09ea79b42e5ca6dcc41102f27f8e334ad71539501ddd910cc
|
||||
F test/zeroblob.test 3857870fe681b8185654414a9bccfde80b62a0fa
|
||||
F test/zerodamage.test 9c41628db7e8d9e8a0181e59ea5f189df311a9f6ce99cc376dc461f66db6f8dc
|
||||
F test/zipfile.test c40ae3a5d3fd0a31a8c6bdae1dbef55dd7140acb0d3b316c8edb744085ea6134
|
||||
F test/zipfile.test 368a5a0c97be0caaf8c3efa8293bfe18436d546805678fa00b6aa81bc98727ec
|
||||
F tool/GetFile.cs a15e08acb5dd7539b75ba23501581d7c2b462cb5
|
||||
F tool/GetTclKit.bat 8995df40c4209808b31f24de0b58f90930239a234f7591e3675d45bfbb990c5d
|
||||
F tool/Replace.cs 02c67258801c2fb5f63231e0ac0f220b4b36ba91
|
||||
@ -1702,7 +1702,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||
P e364eeac76a8225146b37d801bc6cabe03e9abede5a1412ebe9d94a32d8838cc
|
||||
R 78b9ab6ccbbf51cef503aff35913fad6
|
||||
P 438c5c5237a801ae78809bf324bb9251fb50250addfc1f8e36659442b0e26ab6
|
||||
R 0f8eb13d715c2195926ed8684b288375
|
||||
U dan
|
||||
Z 634d51e6967cb83c15fce21d55a23989
|
||||
Z 6708ef6af1eb582ebfe61496df2754b7
|
||||
|
||||
@ -1 +1 @@
|
||||
438c5c5237a801ae78809bf324bb9251fb50250addfc1f8e36659442b0e26ab6
|
||||
81fdbe0cc5a360f818078d47a5888d0a29d555927da279a9a0213702d74ef09a
|
||||
@ -358,24 +358,14 @@ do_catchsql_test 3.2 {
|
||||
} {1 {no such column: rowid}}
|
||||
|
||||
#-------------------------------------------------------------------------
|
||||
reset_db
|
||||
forcedelete test.zip
|
||||
load_static_extension db zipfile
|
||||
|
||||
do_execsql_test 4.0 {
|
||||
CREATE VIRTUAL TABLE x2 USING zipfile();
|
||||
INSERT INTO x2(name, data) VALUES('dir1/', NULL);
|
||||
INSERT INTO x2(name, data) VALUES('file1', '1234');
|
||||
INSERT INTO x2(name, data) VALUES('dir1/file2', '5678');
|
||||
SELECT name, data FROM x2
|
||||
} {
|
||||
dir1/ {} file1 1234 dir1/file2 5678
|
||||
}
|
||||
|
||||
do_test 4.1 {
|
||||
set data [db one {SELECT zipfile_blob(z) FROM x2 LIMIT 1}]
|
||||
db eval { SELECT name, data FROM zipfile($data) }
|
||||
} {dir1/ {} file1 1234 dir1/file2 5678}
|
||||
# Test some error conditions.
|
||||
#
|
||||
do_catchsql_test 4.1 {
|
||||
CREATE VIRTUAL TABLE yyy USING zipfile();
|
||||
} {1 {zipfile constructor requires one argument}}
|
||||
do_catchsql_test 4.2 {
|
||||
CREATE VIRTUAL TABLE yyy USING zipfile('test.zip', 'test.zip');
|
||||
} {1 {zipfile constructor requires one argument}}
|
||||
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user