diff options
| author | bohwaz <github.bohwaz@miam.kd2.org> | 2018-12-16 22:52:37 +0100 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2019-03-11 16:26:15 +0100 |
| commit | e93259bb23500e26a7b0317cde9ad5398eec074e (patch) | |
| tree | 347d3011bcd74e300d0afbbafd3aa594b8ee78e0 /ext/sqlite3 | |
| parent | 1fd32e9c2f15eabdc7e531b1fa76f62fc5a8ca75 (diff) | |
| download | php-git-e93259bb23500e26a7b0317cde9ad5398eec074e.tar.gz | |
SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
Diffstat (limited to 'ext/sqlite3')
| -rw-r--r-- | ext/sqlite3/php_sqlite3.h | 1 | ||||
| -rw-r--r-- | ext/sqlite3/sqlite3.c | 9 | ||||
| -rw-r--r-- | ext/sqlite3/tests/sqlite3_defensive.phpt | 40 |
3 files changed, 50 insertions, 0 deletions
diff --git a/ext/sqlite3/php_sqlite3.h b/ext/sqlite3/php_sqlite3.h index 69b5a689a5..cd73ae868c 100644 --- a/ext/sqlite3/php_sqlite3.h +++ b/ext/sqlite3/php_sqlite3.h @@ -28,6 +28,7 @@ extern zend_module_entry sqlite3_module_entry; ZEND_BEGIN_MODULE_GLOBALS(sqlite3) char *extension_dir; + int dbconfig_defensive; ZEND_END_MODULE_GLOBALS(sqlite3) #ifdef ZTS diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 4c6b3f11fb..a7df269533 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -81,6 +81,9 @@ static void php_sqlite3_error(php_sqlite3_db_object *db_obj, char *format, ...) */ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("sqlite3.extension_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, extension_dir, zend_sqlite3_globals, sqlite3_globals) +#if SQLITE_VERSION_NUMBER >= 3026000 + STD_PHP_INI_ENTRY("sqlite3.defensive", "1", PHP_INI_SYSTEM, OnUpdateBool, dbconfig_defensive, zend_sqlite3_globals, sqlite3_globals) +#endif PHP_INI_END() /* }}} */ @@ -166,6 +169,12 @@ PHP_METHOD(sqlite3, open) sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL); } +#if SQLITE_VERSION_NUMBER >= 3026000 + if (SQLITE3G(dbconfig_defensive)) { + sqlite3_db_config(db_obj->db, SQLITE_DBCONFIG_DEFENSIVE, 1, NULL); + } +#endif + if (fullpath != filename) { efree(fullpath); } diff --git a/ext/sqlite3/tests/sqlite3_defensive.phpt b/ext/sqlite3/tests/sqlite3_defensive.phpt new file mode 100644 index 0000000000..064d87b50a --- /dev/null +++ b/ext/sqlite3/tests/sqlite3_defensive.phpt @@ -0,0 +1,40 @@ +--TEST-- +SQLite3 defensive mode ini setting +--SKIPIF-- +<?php require_once(__DIR__ . '/skipif.inc'); + +if (SQLite3::version()['versionNumber'] < 3026000) { + die("skip: sqlite3 library version < 3.26: no support for defensive mode"); +} + +?> +--INI-- +sqlite3.defensive=On +--FILE-- +<?php + +$db = new SQLite3(':memory:'); +var_dump($db->exec('CREATE TABLE test (a, b);')); + +// This does not generate an error! +var_dump($db->exec('PRAGMA writable_schema = ON;')); +var_dump($db->querySingle('PRAGMA writable_schema;')); + +// Should be 1 +var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;')); + +// Should generate an error! +var_dump($db->querySingle('DELETE FROM sqlite_master;')); + +// Should still be 1 +var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;')); +?> +--EXPECTF-- +bool(true) +bool(true) +int(1) +int(1) + +Warning: SQLite3::querySingle(): Unable to prepare statement: 1, table sqlite_master may not be modified in %s on line %d +bool(false) +int(1)
\ No newline at end of file |