Overview
| Comment: | Improvements to comments on the filename shell quoting logic and test logic. No changes to code. |
|---|---|
| SHA3-256: | 255a28b37a2241300b708b457f577bfc |
| User & Date: | drh 2021-06-24 16:40:48.149 |
Context
2021-06-25
| 07:41 | Integrated a doc suggestion from [forum:/forumpost/3e52a5ca12 | forum post 3e52a5ca12]. check-in: 62ad4e47a4 user: stephan tags: trunk |
2021-06-24
| 16:40 | Improvements to comments on the filename shell quoting logic and test logic. No changes to code. check-in: 255a28b37a user: drh tags: trunk |
| 16:31 | Improvements to command-line safety checks for Windows. Enhance the command-line argument quoting fuzzer to inject all kinds of multi-byte UTF-8 characters. check-in: 6d2e48b4cd user: drh tags: trunk |
Changes
Changes to src/blob.c.
| ︙ | ︙ | |||
1365 1366 1367 1368 1369 1370 1371 | ** pBlob is a shell command under construction. This routine safely ** appends filename argument zIn. ** ** The argument is escaped if it contains white space or other characters ** that need to be escaped for the shell. If zIn contains characters ** that cannot be safely escaped, then throw a fatal error. ** | | | > | > | | 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 |
** pBlob is a shell command under construction. This routine safely
** appends filename argument zIn.
**
** The argument is escaped if it contains white space or other characters
** that need to be escaped for the shell. If zIn contains characters
** that cannot be safely escaped, then throw a fatal error.
**
** The argument is expected to be a filename. As shell commands
** commonly have command-line options that begin with "-" and since we
** do not want an attacker to be able to invoke these switches using
** filenames that begin with "-", if zIn begins with "-", prepend
** an additional "./" (or ".\\" on Windows).
*/
void blob_append_escaped_arg(Blob *pBlob, const char *zIn){
int i;
unsigned char c;
int needEscape = 0;
int n = blob_size(pBlob);
char *z = blob_buffer(pBlob);
/* Look for illegal byte-sequences and byte-sequences that require
** escaping. No control-characters are allowed. All spaces and
** non-ASCII unicode characters and some punctuation characters require
** escaping. */
for(i=0; (c = (unsigned char)zIn[i])!=0; i++){
if( aSafeChar[c] ){
unsigned char x = aSafeChar[c];
needEscape = 1;
if( x==2 ){
Blob bad;
blob_token(pBlob, &bad);
|
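Review bot: The new in-loop comment in blob_append_escaped_arg() names three classes of input (control characters are not allowed; spaces, non-ASCII characters and some punctuation need escaping) but does not say how they map onto aSafeChar[] values, so `if( x==2 )` directly below it still reads as a magic number. Suggest stating the table's encoding in the comment, or naming the constant, so a reader can check that the branch taken for 2 covers exactly the bytes the comment calls illegal. In the header comment, ".\\" inside a C comment reads as two backslashes; if the prefix added on Windows is a single backslash, say so in words to avoid the ambiguity.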
| ︙ | ︙ | |||
1542 1543 1544 1545 1546 1547 1548 |
int j;
for(j=0; j<n; j++){
unsigned char m, k;
int rc;
unsigned char zWord[100];
sqlite3_randomness(sizeof(m), &m);
m = (m%40)+5;
| | > > | 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 |
int j;
for(j=0; j<n; j++){
unsigned char m, k;
int rc;
unsigned char zWord[100];
sqlite3_randomness(sizeof(m), &m);
m = (m%40)+5;
sqlite3_randomness(m, zWord); /* Between 5 and 45 bytes of randomness */
for(k=0; k<m; k++){
unsigned char cx = zWord[k];
if( cx<0x20 || cx>=0x7f ){
/* Translate illegal bytes into various non-ASCII unicode
** characters in order to exercise those code paths */
unsigned int u;
if( cx>=0x7f ){
u = cx;
}else if( cx>=0x08 ){
u = 0x800 + cx;
}else{
u = 0x10000 + cx;
|
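Review bot: The comment on `sqlite3_randomness(m, zWord);` says "Between 5 and 45 bytes of randomness", but the line above it computes `m = (m%40)+5`, which yields 5 through 44. Suggest changing the comment to "Between 5 and 44 bytes", or the modulus to 41 if 45 was intended; both stay well inside zWord[100]. Separately, the comment says illegal bytes are translated into non-ASCII characters, yet the `cx>=0x7f` branch sets `u = cx`, so cx==0x7f gives U+007F, which is still ASCII (DEL); it is worth confirming that the code following this hunk handles that value as intended, or noting the exception in the comment.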
| ︙ | ︙ |
Changes to src/util.c.
| ︙ | ︙ | |||
180 181 182 183 184 185 186 | */ static int safeCmdStrTest = 0; /* ** Check the input string to ensure that it is safe to pass into system(). ** A string is unsafe for system() on unix if it contains any of the following: ** | | | 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 | */ static int safeCmdStrTest = 0; /* ** Check the input string to ensure that it is safe to pass into system(). ** A string is unsafe for system() on unix if it contains any of the following: ** ** * Any occurrance of '$' or '`' except single-quoted or after \ ** * Any of the following characters, unquoted: ;|& or \n except ** these characters are allowed as the very last character in the ** string. ** * Unbalanced single or double quotes ** ** This routine is intended as a second line of defense against attack. ** It should never fail. Dangerous shell strings should be detected and |
| ︙ | ︙ |
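Review bot: "occurrance" in the first bullet of the system() safety comment in src/util.c should be "occurrence". The same bullet ends with a bare backslash ("or after \") immediately before the line break; that is harmless inside a block comment but is easy to misread, so "or after a backslash" would be clearer. The bullet also leaves open whether '$' and '`' inside double quotes count as unsafe, which matters for a check described as a second line of defense; one extra clause would settle it.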