SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws

author: bohwaz <github.bohwaz@miam.kd2.org> 2018-12-16 22:52:37 +0100
committer: Joe Watkins <krakjoe@php.net> 2019-03-11 18:02:03 +0100
commit: 58c25bf679125a2da354db58ddc6b0cf6d10ee00 (patch)
tree: 3848c97cf6070cc408e80acfbc8ed9b51280eeba /ext/sqlite3/sqlite3.c
parent: 66bd861fcd2a508d5321d8a3be6158f5026aafc6 (diff)
download: php-git-58c25bf679125a2da354db58ddc6b0cf6d10ee00.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 6894089e41..7e7a3a0454 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -81,6 +81,9 @@ static void php_sqlite3_error(php_sqlite3_db_object *db_obj, char *format, ...)
 */
 PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("sqlite3.extension_dir",  NULL, PHP_INI_SYSTEM, OnUpdateString, extension_dir, zend_sqlite3_globals, sqlite3_globals)
+#if SQLITE_VERSION_NUMBER >= 3026000
+	STD_PHP_INI_ENTRY("sqlite3.defensive",  "1", PHP_INI_SYSTEM, OnUpdateBool, dbconfig_defensive, zend_sqlite3_globals, sqlite3_globals)
+#endif
 PHP_INI_END()
 /* }}} */
 
@@ -166,6 +169,12 @@ PHP_METHOD(sqlite3, open)
 		sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL);
 	}
 
+#if SQLITE_VERSION_NUMBER >= 3026000
+	if (SQLITE3G(dbconfig_defensive)) {
+		sqlite3_db_config(db_obj->db, SQLITE_DBCONFIG_DEFENSIVE, 1, NULL);
+	}
+#endif
+
 	if (fullpath != filename) {
 		efree(fullpath);
 	}
author	bohwaz <github.bohwaz@miam.kd2.org>	2018-12-16 22:52:37 +0100
committer	Joe Watkins <krakjoe@php.net>	2019-03-11 18:02:03 +0100
commit	58c25bf679125a2da354db58ddc6b0cf6d10ee00 (patch)
tree	3848c97cf6070cc408e80acfbc8ed9b51280eeba /ext/sqlite3/sqlite3.c
parent	66bd861fcd2a508d5321d8a3be6158f5026aafc6 (diff)
download	php-git-58c25bf679125a2da354db58ddc6b0cf6d10ee00.tar.gz