blob: 38bd544838f8669e101dba657d20fd8adba1b068 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
From 1b779afa3ed2f35a110e460fc6ed13cba744db85 2022-12-05 02:52:37 UTC
From: larrybr <larrybr@sqlite.org>
Date: 2022-12-05 02:52:37 UTC
Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f.
Upstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2]
CVE-2022-46908
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
---
shell.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shell.c b/shell.c
index d104768..0200c0a 100644
--- a/shell.c
+++ b/shell.c
@@ -12894,7 +12894,7 @@ static int safeModeAuth(
"zipfile",
"zipfile_cds",
};
- UNUSED_PARAMETER(zA2);
+ UNUSED_PARAMETER(zA1);
UNUSED_PARAMETER(zA3);
UNUSED_PARAMETER(zA4);
switch( op ){
@@ -12905,7 +12905,7 @@ static int safeModeAuth(
case SQLITE_FUNCTION: {
int i;
for(i=0; i<ArraySize(azProhibitedFunctions); i++){
- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
+ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
failIfSafeMode(p, "cannot use the %s() function in safe mode",
azProhibitedFunctions[i]);
}
--
2.30.2
|
