Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Merge in reject-ckout-db branch. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | sec2020 |
| Files: | files | file ages | folders |
| SHA3-256: |
8c16884aa2d163122db36ecd10175a1d |
| User & Date: | stephan 2020-08-17 18:20:12.780 |
Context
|
2020-08-19
| ||
| 01:07 | Cherrypick key fixes from the sec2020 branch in order to devise a minimal patch to get us to version 2.12.1. check-in: fe1264d35d user: drh tags: sec2020-2.12-patch | |
|
2020-08-17
| ||
| 18:57 | Enhance the db_prepare() and db_static_prepare() utility routines so that they throw an error if handed more than one SQL statement. This might help prevent SQL injection attacks. check-in: be0d95aded user: drh tags: sec2020 | |
| 18:20 | Merge in reject-ckout-db branch. check-in: 8c16884aa2 user: stephan tags: sec2020 | |
| 17:50 | Fixed [17d00c20dd9f] by adding NULL check on F- and E-card UUID tokens. Closed-Leaf check-in: 458f30fc0b user: stephan tags: reject-ckout-db | |
| 17:34 | The allow-symlinks setting is no longer versionable and is off by default. The allow-symlinks setting no longer propagates with a clone. The help text for allow-symlinks discourages its use. There is a new --symlink flag on "fossil open" to permit the use of symlinks on an open, for the adventurous. Ticket [f9831fdef1d4edcc]. check-in: ff98dd5af6 user: drh tags: sec2020 | |
Changes
Changes to src/file.c.
| ︙ | ︙ | |||
2404 2405 2406 2407 2408 2409 2410 |
** special case, if it ends with a period then a pointer to the
** terminating NUL byte is returned.
*/
const char * file_extension(const char *zFileName){
const char * zExt = zFileName ? strrchr(zFileName, '.') : 0;
return zExt ? &zExt[1] : 0;
}
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 |
** special case, if it ends with a period then a pointer to the
** terminating NUL byte is returned.
*/
const char * file_extension(const char *zFileName){
const char * zExt = zFileName ? strrchr(zFileName, '.') : 0;
return zExt ? &zExt[1] : 0;
}
/*
** Returns true if the given filename ends with any of fossil's
** checkout database filenames: _FOSSIL_ or .fslckout. Specifically,
** it returns 1 if it's an exact match and 2 if it's the tail match
** on a longer input.
**
** zFilename must, for efficiency's sake, be a
** canonicalized/normalized name, e.g. using only '/' as directory
** separators.
**
** nFilename must be the strlen of zFilename. If it is negative,
** strlen() is used to calculate it.
*/
int filename_is_ckout_db(const char *zFilename, int nFilename){
const char *zEnd; /* one-after-the-end of zFilename */
int gotSuffix = 0; /* length of suffix (-wal, -shm, -journal) */
assert(zFilename && "API misuse");
if(nFilename<0) nFilename = (int)strlen(zFilename);
if(nFilename<8/*strlen _FOSSIL_*/) return 0;
zEnd = zFilename + nFilename;
if(nFilename>=12/*strlen _FOSSIL_-(shm|wal)*/){
/* Check for (-wal, -shm, -journal) suffixes, with an eye towards
** runtime speed. */
if('-'==zEnd[-4]){
if(fossil_stricmp("wal", &zEnd[-3])
&& fossil_stricmp("shm", &zEnd[-3])){
return 0;
}
gotSuffix = 4;
}else if(nFilename>=16/*strlen _FOSSIL_-journal*/ && '-'==zEnd[-8]){
if(fossil_stricmp("journal",&zEnd[-7])){
return 0;
}
gotSuffix = 8;
}
if(gotSuffix){
assert(4==gotSuffix || 8==gotSuffix);
zEnd -= gotSuffix;
nFilename -= gotSuffix;
gotSuffix = 1;
}
assert(nFilename>=8 && "strlen _FOSSIL_");
assert(gotSuffix==0 || gotSuffix==1);
}
switch(zEnd[-1]){
case '_': {
return fossil_strnicmp("_FOSSIL_", &zEnd[-8], 8)
? 0 : (8==nFilename
? 1
: ('/'==zEnd[-9] ? 2 : gotSuffix));
}
case 't': {
return (nFilename<9
|| '.'!=zEnd[-9]
|| fossil_strnicmp(".fslckout", &zEnd[-9], 9))
? 0 : (9==nFilename
? 1
: ('/'==zEnd[-10] ? 2 : gotSuffix));
}
default: {
return 0;
}
}
}
/*
** COMMAND: test-is-ckout-db
**
** Usage: %fossil test-is-ckout-db FILENAMES...
**
** Passes each given name to filename_is_ckout_db() and outputs one
** line per file: the result value of that function followed by the
** name.
*/
void test_is_ckout_name_cmd(void){
int i;
if(g.argc<3){
usage("FILENAME_1 [...FILENAME_N]");
}
for( i = 2; i < g.argc; ++i ){
const int check = filename_is_ckout_db(g.argv[i], -1);
fossil_print("%d %s\n", check, g.argv[i]);
}
}
|
Changes to src/manifest.c.
| ︙ | ︙ | |||
479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 |
if( n<10 || z[0]<'A' || z[0]>'Z' || z[1]!=' ' ){
blob_reset(pContent);
blob_appendf(pErr, "line 1 not recognized");
return 0;
}
/* Then verify the Z-card.
*/
if( verify_z_card(z, n, pErr)==2 ){
blob_reset(pContent);
return 0;
}
/* Allocate a Manifest object to hold the parsed control artifact.
*/
p = fossil_malloc( sizeof(*p) );
memset(p, 0, sizeof(*p));
memcpy(&p->content, pContent, sizeof(p->content));
p->rid = rid;
| > > > > > > > > > | 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 |
if( n<10 || z[0]<'A' || z[0]>'Z' || z[1]!=' ' ){
blob_reset(pContent);
blob_appendf(pErr, "line 1 not recognized");
return 0;
}
/* Then verify the Z-card.
*/
#if 1
/* Disable this ***ONLY*** (ONLY!) when testing hand-written inputs
for card-related syntax errors. */
if( verify_z_card(z, n, pErr)==2 ){
blob_reset(pContent);
return 0;
}
#else
#warning ACHTUNG - z-card check is disabled for testing purposes.
if(0 && verify_z_card(NULL, 0, NULL)){
/*avoid unused static func error*/
}
#endif
/* Allocate a Manifest object to hold the parsed control artifact.
*/
p = fossil_malloc( sizeof(*p) );
memset(p, 0, sizeof(*p));
memcpy(&p->content, pContent, sizeof(p->content));
p->rid = rid;
|
| ︙ | ︙ | |||
599 600 601 602 603 604 605 606 607 608 609 610 611 612 |
** is when the specific event is said to occur.
*/
case 'E': {
if( p->rEventDate>0.0 ) SYNTAX("more than one E-card");
p->rEventDate = db_double(0.0,"SELECT julianday(%Q)", next_token(&x,0));
if( p->rEventDate<=0.0 ) SYNTAX("malformed date on E-card");
p->zEventId = next_token(&x, &sz);
if( !hname_validate(p->zEventId, sz) ){
SYNTAX("malformed hash on E-card");
}
p->type = CFTYPE_EVENT;
break;
}
| > | 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 |
** is when the specific event is said to occur.
*/
case 'E': {
if( p->rEventDate>0.0 ) SYNTAX("more than one E-card");
p->rEventDate = db_double(0.0,"SELECT julianday(%Q)", next_token(&x,0));
if( p->rEventDate<=0.0 ) SYNTAX("malformed date on E-card");
p->zEventId = next_token(&x, &sz);
if( p->zEventId==0 ) SYNTAX("missing hash on E-card");
if( !hname_validate(p->zEventId, sz) ){
SYNTAX("malformed hash on E-card");
}
p->type = CFTYPE_EVENT;
break;
}
|
| ︙ | ︙ | |||
620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 |
case 'F': {
char *zName, *zPerm, *zPriorName;
zName = next_token(&x,0);
if( zName==0 ) SYNTAX("missing filename on F-card");
defossilize(zName);
if( !file_is_simple_pathname_nonstrict(zName) ){
SYNTAX("F-card filename is not a simple path");
}
zUuid = next_token(&x, &sz);
if( p->zBaseline==0 || zUuid!=0 ){
if( !hname_validate(zUuid,sz) ){
SYNTAX("F-card hash invalid");
}
}
zPerm = next_token(&x,0);
zPriorName = next_token(&x,0);
if( zPriorName ){
| > > > | 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 |
case 'F': {
char *zName, *zPerm, *zPriorName;
zName = next_token(&x,0);
if( zName==0 ) SYNTAX("missing filename on F-card");
defossilize(zName);
if( !file_is_simple_pathname_nonstrict(zName) ){
SYNTAX("F-card filename is not a simple path");
}else if( filename_is_ckout_db(zName,-1) ){
SYNTAX("F-card contains reserved name of a checkout db.");
}
zUuid = next_token(&x, &sz);
if( p->zBaseline==0 || zUuid!=0 ){
if( zUuid==0 ) SYNTAX("missing hash on F-card");
if( !hname_validate(zUuid,sz) ){
SYNTAX("F-card hash invalid");
}
}
zPerm = next_token(&x,0);
zPriorName = next_token(&x,0);
if( zPriorName ){
|
| ︙ | ︙ |