1From 1b779afa3ed2f35a110e460fc6ed13cba744db85 2022-12-05 02:52:37 UTC
2From: larrybr <larrybr@sqlite.org>
3Date: 2022-12-05 02:52:37 UTC
4Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
5
6Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f.
7
8Upstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2]
9CVE-2022-46908
10Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
11---
12 shell.c | 4 ++--
13 1 file changed, 2 insertions(+), 2 deletions(-)
14
15diff --git a/shell.c b/shell.c
16index d104768..0200c0a 100644
17--- a/shell.c
18+++ b/shell.c
19@@ -12894,7 +12894,7 @@ static int safeModeAuth(
20 "zipfile",
21 "zipfile_cds",
22 };
23- UNUSED_PARAMETER(zA2);
24+ UNUSED_PARAMETER(zA1);
25 UNUSED_PARAMETER(zA3);
26 UNUSED_PARAMETER(zA4);
27 switch( op ){
28@@ -12905,7 +12905,7 @@ static int safeModeAuth(
29 case SQLITE_FUNCTION: {
30 int i;
31 for(i=0; i<ArraySize(azProhibitedFunctions); i++){
32- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
33+ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
34 failIfSafeMode(p, "cannot use the %s() function in safe mode",
35 azProhibitedFunctions[i]);
36 }
37--
382.30.2
39
40
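Review bot: The corrected comparison in the `SQLITE_FUNCTION` case (second hunk) carries no comment saying why `zA2` is the argument to test, which is the confusion that let every prohibited function through in safe mode. I would add `/* For SQLITE_FUNCTION the authorizer passes the function name in zA2; zA1 is NULL */` above the `for` loop. The same reasoning explains why the first hunk moves `UNUSED_PARAMETER` to `zA1`. The diffstat shows only shell.c changed, so this backport appears to ship without a regression test; a test that starts the shell in safe mode and confirms each name in `azProhibitedFunctions` is refused would catch a recurrence. The body of `safeModeAuth` starts and ends outside both hunks, so the full prohibited list and the other `switch` cases are not visible here.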