Sqlite ATTACH is crashing php when the filename is bind /w open_basedir set #9032
Comments
Can you reproduce the issue outside of docker? Tested with proper releases and a manual master build and had the expected outputs.
PHP crashed also when reproduced in GH Actions CI. I tested now also on my local/not virtualized Windows machine - PHP crashed too, only the first
That might be an issue with SQLite3 itself. Which version do you use? See https://3v4l.org/PrC72.
On my Windows machine I use
2 always, tried with bare-metal Linux machines; old CentOS 7 and Alpine virtualized. Also tried at last a manual build with sanitizers in case.
@devnexen with what Sqlite versions? https://3v4l.org/NZnPl /w EOL PHP versions shows it is broken since PHP 5.5. Interestingly, Sqlite v3.7.7.1 /w PHP 5.5.x is broken, but Sqlite v3.8.10.2 /w PHP 5.4.x is fine. It seems at least something in php-src has an impact on this issue. I also tested
I looked into the php-src code - https://github.com/search?q=SQLITE_ATTACHrepo%3Aphp%2Fphp-src&type=Code&ref=advsearch for https://3v4l.org/TLlCo - the answer seems yes!
Title changed from "ATTACH :a AS xx is crashing php (Sqlite/PDOStatement::bindValue)" to "ATTACH is crashing php when the filename is bind /w open_basedir set"
Ah was going to ask if you had any particular context, I even ventured into docker official images and still did not get any issue, and locally my sqlite versions ran from 3.7.17 to 3.38.5.
Yeah, the problem is that
ext/pdo_sqlite/sqlite_driver.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c
index bdad23a581..9ce10a431b 100644
--- a/ext/pdo_sqlite/sqlite_driver.c
+++ b/ext/pdo_sqlite/sqlite_driver.c
@@ -775,6 +775,7 @@ static int authorizer(void *autharg, int access_type, const char *arg3, const ch
}
case SQLITE_ATTACH: {
+ if (!arg3) return SQLITE_DENY;
filename = make_filename_safe(arg3);
if (!filename) {
return SQLITE_DENY;
This needs more careful investigation, though. It might be possible to not necessarily deny authorization, and the
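Review bot: the new guard `if (!arg3) return SQLITE_DENY;` at the top of `case SQLITE_ATTACH` lands without a regression test (the diffstat is one file, one insertion) and without a comment saying when the filename argument is NULL; add a test for ATTACH with a bound filename under open_basedir, and a short comment on the guard. It is also a brace-less one-line `if`, while the `if (!filename) {` two lines below uses braces and returns the same `SQLITE_DENY`; brace it to match, or let `make_filename_safe` return NULL for a NULL argument so the existing branch covers both cases.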
If we want to deny in copy too, might be simpler to return NULL in this make_filename_safe helper then? But indeed might need further look.
The arguments 3 to 6 of the authorizer callback may be `NULL`[1], and we have to properly deal with that. Instead of causing a segfault, we deny authorization, which is still better than a crash, and apparently, we cannot do better anyway. [1] <https://www.sqlite.org/c3ref/set_authorizer.html>
* PHP-8.0: Fix GH-9032: SQLite3 authorizer crashes on NULL values
* PHP-8.1: Fix GH-9032: SQLite3 authorizer crashes on NULL values
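The NULL argument described in the commit message can be observed through any binding of `sqlite3_set_authorizer`. The following is an added example, not code from php-src or from this thread: it uses Python's standard `sqlite3` module, whose `set_authorizer` wraps that API, with constructed temporary paths and a hypothetical `make_authorizer` helper standing in for an open_basedir-style check. A literal ATTACH filename reaches the callback as a string, a bound one as `None`, and the callback denies it as the fix does.

```python
import os
import sqlite3
import tempfile


def make_authorizer(base_dir, seen):
    """Hypothetical helper: only let ATTACH open files under base_dir."""
    base = os.path.realpath(base_dir) + os.sep

    def authorizer(action, arg1, arg2, dbname, source):
        if action != sqlite3.SQLITE_ATTACH:
            return sqlite3.SQLITE_OK
        seen.append(arg1)  # record exactly what SQLite handed to the callback
        # arg1 is the ATTACH filename, but SQLite passes NULL (None here) when
        # the filename is not a string literal, e.g. a bound parameter.
        if arg1 is None:
            return sqlite3.SQLITE_DENY  # the path cannot be vetted: refuse
        path = os.path.realpath(arg1)
        return sqlite3.SQLITE_OK if path.startswith(base) else sqlite3.SQLITE_DENY

    return authorizer


def try_attach(conn, sql, params=()):
    """Run one ATTACH statement and report whether the authorizer allowed it."""
    try:
        conn.execute(sql, params)
        return "attached"
    except sqlite3.DatabaseError as exc:
        return f"denied ({exc})"


def demo():
    seen = []
    # Constructed sample paths: one allowed directory, one outside it.
    with tempfile.TemporaryDirectory() as allowed, tempfile.TemporaryDirectory() as other:
        inside = os.path.join(allowed, "a.db")
        outside = os.path.join(other, "b.db")
        conn = sqlite3.connect(":memory:")
        conn.set_authorizer(make_authorizer(allowed, seen))
        results = [
            try_attach(conn, f"ATTACH DATABASE '{inside}' AS inside_db"),
            try_attach(conn, f"ATTACH DATABASE '{outside}' AS outside_db"),
            try_attach(conn, "ATTACH DATABASE ? AS bound_db", (inside,)),
        ]
        conn.close()  # release the attached file before the directories are removed
    return results, seen
```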
Description
The following code:
demo: https://3v4l.org/Su8lK
Resulted in this output:
But I expected this output instead:
PHP Version
any
Operating System
any