diff options
author | bohwaz <github.bohwaz@miam.kd2.org> | 2018-12-16 22:52:37 +0100 |
---|---|---|
committer | Joe Watkins <krakjoe@php.net> | 2019-03-11 18:02:03 +0100 |
commit | 58c25bf679125a2da354db58ddc6b0cf6d10ee00 (patch) | |
tree | 3848c97cf6070cc408e80acfbc8ed9b51280eeba | |
parent | 66bd861fcd2a508d5321d8a3be6158f5026aafc6 (diff) | |
download | php-git-58c25bf679125a2da354db58ddc6b0cf6d10ee00.tar.gz |
SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/sqlite3/php_sqlite3.h | 1 | ||||
-rw-r--r-- | ext/sqlite3/sqlite3.c | 9 | ||||
-rw-r--r-- | ext/sqlite3/tests/sqlite3_defensive.phpt | 40 | ||||
-rw-r--r-- | php.ini-development | 11 | ||||
-rw-r--r-- | php.ini-production | 11 |
6 files changed, 74 insertions, 1 deletions
@@ -2,7 +2,8 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2019, PHP 7.1.28 - +- SQLite3: + . Added sqlite3.defensive INI directive. (BohwaZ) 07 Mar 2019, PHP 7.1.27 diff --git a/ext/sqlite3/php_sqlite3.h b/ext/sqlite3/php_sqlite3.h index 69b5a689a5..cd73ae868c 100644 --- a/ext/sqlite3/php_sqlite3.h +++ b/ext/sqlite3/php_sqlite3.h @@ -28,6 +28,7 @@ extern zend_module_entry sqlite3_module_entry; ZEND_BEGIN_MODULE_GLOBALS(sqlite3) char *extension_dir; + int dbconfig_defensive; ZEND_END_MODULE_GLOBALS(sqlite3) #ifdef ZTS diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 6894089e41..7e7a3a0454 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -81,6 +81,9 @@ static void php_sqlite3_error(php_sqlite3_db_object *db_obj, char *format, ...) */ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("sqlite3.extension_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, extension_dir, zend_sqlite3_globals, sqlite3_globals) +#if SQLITE_VERSION_NUMBER >= 3026000 + STD_PHP_INI_ENTRY("sqlite3.defensive", "1", PHP_INI_SYSTEM, OnUpdateBool, dbconfig_defensive, zend_sqlite3_globals, sqlite3_globals) +#endif PHP_INI_END() /* }}} */ @@ -166,6 +169,12 @@ PHP_METHOD(sqlite3, open) sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL); } +#if SQLITE_VERSION_NUMBER >= 3026000 + if (SQLITE3G(dbconfig_defensive)) { + sqlite3_db_config(db_obj->db, SQLITE_DBCONFIG_DEFENSIVE, 1, NULL); + } +#endif + if (fullpath != filename) { efree(fullpath); } diff --git a/ext/sqlite3/tests/sqlite3_defensive.phpt b/ext/sqlite3/tests/sqlite3_defensive.phpt new file mode 100644 index 0000000000..064d87b50a --- /dev/null +++ b/ext/sqlite3/tests/sqlite3_defensive.phpt @@ -0,0 +1,40 @@ +--TEST-- +SQLite3 defensive mode ini setting +--SKIPIF-- +<?php require_once(__DIR__ . '/skipif.inc'); + +if (SQLite3::version()['versionNumber'] < 3026000) { + die("skip: sqlite3 library version < 3.26: no support for defensive mode"); +} + +?> +--INI-- +sqlite3.defensive=On +--FILE-- +<?php + +$db = new SQLite3(':memory:'); +var_dump($db->exec('CREATE TABLE test (a, b);')); + +// This does not generate an error! +var_dump($db->exec('PRAGMA writable_schema = ON;')); +var_dump($db->querySingle('PRAGMA writable_schema;')); + +// Should be 1 +var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;')); + +// Should generate an error! +var_dump($db->querySingle('DELETE FROM sqlite_master;')); + +// Should still be 1 +var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;')); +?> +--EXPECTF-- +bool(true) +bool(true) +int(1) +int(1) + +Warning: SQLite3::querySingle(): Unable to prepare statement: 1, table sqlite_master may not be modified in %s on line %d +bool(false) +int(1)
\ No newline at end of file diff --git a/php.ini-development b/php.ini-development index 3b8a2aff32..74e1f4a1d4 100644 --- a/php.ini-development +++ b/php.ini-development @@ -991,8 +991,19 @@ cli_server.color = On ;intl.use_exceptions = 0 [sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +sqlite3.defensive = 1 + [Pcre] ;PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit diff --git a/php.ini-production b/php.ini-production index d8f686e269..0658bf890f 100644 --- a/php.ini-production +++ b/php.ini-production @@ -991,8 +991,19 @@ cli_server.color = On ;intl.use_exceptions = 0 [sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +sqlite3.defensive = 1 + [Pcre] ;PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit |