mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2: SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
This commit is contained in:
commit
e7ce7c6bb2
3
NEWS
3
NEWS
@ -26,6 +26,9 @@ PHP NEWS
|
||||
- sodium:
|
||||
. Fixed bug #77646 (sign_detached() strings not terminated). (Frank)
|
||||
|
||||
- SQLite3:
|
||||
. Added sqlite3.defensive INI directive. (BohwaZ)
|
||||
|
||||
- Standard:
|
||||
. Fixed bug #77664 (Segmentation fault when using undefined constant in
|
||||
custom wrapper). (Laruence)
|
||||
|
@ -26,6 +26,7 @@ extern zend_module_entry sqlite3_module_entry;
|
||||
|
||||
ZEND_BEGIN_MODULE_GLOBALS(sqlite3)
|
||||
char *extension_dir;
|
||||
int dbconfig_defensive;
|
||||
ZEND_END_MODULE_GLOBALS(sqlite3)
|
||||
|
||||
#ifdef ZTS
|
||||
|
@ -79,6 +79,9 @@ static void php_sqlite3_error(php_sqlite3_db_object *db_obj, char *format, ...)
|
||||
*/
|
||||
PHP_INI_BEGIN()
|
||||
STD_PHP_INI_ENTRY("sqlite3.extension_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, extension_dir, zend_sqlite3_globals, sqlite3_globals)
|
||||
#if SQLITE_VERSION_NUMBER >= 3026000
|
||||
STD_PHP_INI_ENTRY("sqlite3.defensive", "1", PHP_INI_SYSTEM, OnUpdateBool, dbconfig_defensive, zend_sqlite3_globals, sqlite3_globals)
|
||||
#endif
|
||||
PHP_INI_END()
|
||||
/* }}} */
|
||||
|
||||
@ -164,6 +167,12 @@ PHP_METHOD(sqlite3, open)
|
||||
sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL);
|
||||
}
|
||||
|
||||
#if SQLITE_VERSION_NUMBER >= 3026000
|
||||
if (SQLITE3G(dbconfig_defensive)) {
|
||||
sqlite3_db_config(db_obj->db, SQLITE_DBCONFIG_DEFENSIVE, 1, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (fullpath != filename) {
|
||||
efree(fullpath);
|
||||
}
|
||||
|
40
ext/sqlite3/tests/sqlite3_defensive.phpt
Normal file
40
ext/sqlite3/tests/sqlite3_defensive.phpt
Normal file
@ -0,0 +1,40 @@
|
||||
--TEST--
|
||||
SQLite3 defensive mode ini setting
|
||||
--SKIPIF--
|
||||
<?php require_once(__DIR__ . '/skipif.inc');
|
||||
|
||||
if (SQLite3::version()['versionNumber'] < 3026000) {
|
||||
die("skip: sqlite3 library version < 3.26: no support for defensive mode");
|
||||
}
|
||||
|
||||
?>
|
||||
--INI--
|
||||
sqlite3.defensive=On
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
$db = new SQLite3(':memory:');
|
||||
var_dump($db->exec('CREATE TABLE test (a, b);'));
|
||||
|
||||
// This does not generate an error!
|
||||
var_dump($db->exec('PRAGMA writable_schema = ON;'));
|
||||
var_dump($db->querySingle('PRAGMA writable_schema;'));
|
||||
|
||||
// Should be 1
|
||||
var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;'));
|
||||
|
||||
// Should generate an error!
|
||||
var_dump($db->querySingle('DELETE FROM sqlite_master;'));
|
||||
|
||||
// Should still be 1
|
||||
var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;'));
|
||||
?>
|
||||
--EXPECTF--
|
||||
bool(true)
|
||||
bool(true)
|
||||
int(1)
|
||||
int(1)
|
||||
|
||||
Warning: SQLite3::querySingle(): Unable to prepare statement: 1, table sqlite_master may not be modified in %s on line %d
|
||||
bool(false)
|
||||
int(1)
|
@ -1004,8 +1004,19 @@ cli_server.color = On
|
||||
;intl.use_exceptions = 0
|
||||
|
||||
[sqlite3]
|
||||
; Directory pointing to SQLite3 extensions
|
||||
; http://php.net/sqlite3.extension-dir
|
||||
;sqlite3.extension_dir =
|
||||
|
||||
; SQLite defensive mode flag (only available from SQLite 3.26+)
|
||||
; When the defensive flag is enabled, language features that allow ordinary
|
||||
; SQL to deliberately corrupt the database file are disabled. This forbids
|
||||
; writing directly to the schema, shadow tables (eg. FTS data tables), or
|
||||
; the sqlite_dbpage virtual table.
|
||||
; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
|
||||
; (for older SQLite versions, this flag has no use)
|
||||
sqlite3.defensive = 1
|
||||
|
||||
[Pcre]
|
||||
; PCRE library backtracking limit.
|
||||
; http://php.net/pcre.backtrack-limit
|
||||
|
@ -1011,8 +1011,19 @@ cli_server.color = On
|
||||
;intl.use_exceptions = 0
|
||||
|
||||
[sqlite3]
|
||||
; Directory pointing to SQLite3 extensions
|
||||
; http://php.net/sqlite3.extension-dir
|
||||
;sqlite3.extension_dir =
|
||||
|
||||
; SQLite defensive mode flag (only available from SQLite 3.26+)
|
||||
; When the defensive flag is enabled, language features that allow ordinary
|
||||
; SQL to deliberately corrupt the database file are disabled. This forbids
|
||||
; writing directly to the schema, shadow tables (eg. FTS data tables), or
|
||||
; the sqlite_dbpage virtual table.
|
||||
; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
|
||||
; (for older SQLite versions, this flag has no use)
|
||||
sqlite3.defensive = 1
|
||||
|
||||
[Pcre]
|
||||
; PCRE library backtracking limit.
|
||||
; http://php.net/pcre.backtrack-limit
|
||||
|
Loading…
Reference in New Issue
Block a user