1*4882a593SmuzhiyunFrom 1b779afa3ed2f35a110e460fc6ed13cba744db85 2022-12-05 02:52:37 UTC
2*4882a593SmuzhiyunFrom: larrybr <larrybr@sqlite.org>
3*4882a593SmuzhiyunDate: 2022-12-05 02:52:37 UTC
4*4882a593SmuzhiyunSubject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunFix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f.
7*4882a593Smuzhiyun
8*4882a593SmuzhiyunUpstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2]
9*4882a593SmuzhiyunCVE-2022-46908
10*4882a593SmuzhiyunSigned-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
11*4882a593Smuzhiyun---
12*4882a593Smuzhiyun shell.c | 4 ++--
13*4882a593Smuzhiyun 1 file changed, 2 insertions(+), 2 deletions(-)
14*4882a593Smuzhiyun
15*4882a593Smuzhiyundiff --git a/shell.c b/shell.c
16*4882a593Smuzhiyunindex d104768..0200c0a 100644
17*4882a593Smuzhiyun--- a/shell.c
18*4882a593Smuzhiyun+++ b/shell.c
19*4882a593Smuzhiyun@@ -12894,7 +12894,7 @@ static int safeModeAuth(
20*4882a593Smuzhiyun "zipfile",
21*4882a593Smuzhiyun "zipfile_cds",
22*4882a593Smuzhiyun };
23*4882a593Smuzhiyun- UNUSED_PARAMETER(zA2);
24*4882a593Smuzhiyun+ UNUSED_PARAMETER(zA1);
25*4882a593Smuzhiyun UNUSED_PARAMETER(zA3);
26*4882a593Smuzhiyun UNUSED_PARAMETER(zA4);
27*4882a593Smuzhiyun switch( op ){
28*4882a593Smuzhiyun@@ -12905,7 +12905,7 @@ static int safeModeAuth(
29*4882a593Smuzhiyun case SQLITE_FUNCTION: {
30*4882a593Smuzhiyun int i;
31*4882a593Smuzhiyun for(i=0; i<ArraySize(azProhibitedFunctions); i++){
32*4882a593Smuzhiyun- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
33*4882a593Smuzhiyun+ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
34*4882a593Smuzhiyun failIfSafeMode(p, "cannot use the %s() function in safe mode",
35*4882a593Smuzhiyun azProhibitedFunctions[i]);
36*4882a593Smuzhiyun }
37*4882a593Smuzhiyun--
38*4882a593Smuzhiyun2.30.2
39*4882a593Smuzhiyun
40
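Review bot: The `SQLITE_FUNCTION` case in the second hunk now compares `zA2`, but nothing in the code records which authorizer argument carries the function name, and the bug being fixed was exactly a mix-up between the two; a comment above the loop such as `/* SQLITE_FUNCTION: the function name arrives in zA2; zA1 is not used for this op */` would keep a later edit from reverting it, and it also explains the `UNUSED_PARAMETER(zA1)` swap in the first hunk. The diffstat shows only shell.c changed, so this backport carries no regression test asserting that a name listed in `azProhibitedFunctions` is refused in safe mode; the old check failed silently, which is the kind of defect only such a test catches. The check is a deny list, so it is worth confirming that the list (only its tail is visible here) covers every extension function compiled into this build. The body of `safeModeAuth` starts and ends outside both hunks, so what happens after `failIfSafeMode` returns cannot be judged from this patch.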