diff options
| author | bohwaz <github.bohwaz@miam.kd2.org> | 2018-12-16 22:52:37 +0100 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2019-03-11 16:26:15 +0100 |
| commit | e93259bb23500e26a7b0317cde9ad5398eec074e (patch) | |
| tree | 347d3011bcd74e300d0afbbafd3aa594b8ee78e0 | |
| parent | 1fd32e9c2f15eabdc7e531b1fa76f62fc5a8ca75 (diff) | |
| download | php-git-e93259bb23500e26a7b0317cde9ad5398eec074e.tar.gz | |
SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | ext/sqlite3/php_sqlite3.h | 1 | ||||
| -rw-r--r-- | ext/sqlite3/sqlite3.c | 9 | ||||
| -rw-r--r-- | ext/sqlite3/tests/sqlite3_defensive.phpt | 40 | ||||
| -rw-r--r-- | php.ini-development | 11 | ||||
| -rw-r--r-- | php.ini-production | 11 |
6 files changed, 75 insertions, 0 deletions
@@ -32,6 +32,9 @@ PHP NEWS - sodium: . Fixed bug #77646 (sign_detached() strings not terminated). (Frank) +- SQLite3: + . Added sqlite3.defensive INI directive. (BohwaZ) + - Standard: . Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper). (Laruence) diff --git a/ext/sqlite3/php_sqlite3.h b/ext/sqlite3/php_sqlite3.h index 69b5a689a5..cd73ae868c 100644 --- a/ext/sqlite3/php_sqlite3.h +++ b/ext/sqlite3/php_sqlite3.h @@ -28,6 +28,7 @@ extern zend_module_entry sqlite3_module_entry; ZEND_BEGIN_MODULE_GLOBALS(sqlite3) char *extension_dir; + int dbconfig_defensive; ZEND_END_MODULE_GLOBALS(sqlite3) #ifdef ZTS diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 4c6b3f11fb..a7df269533 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -81,6 +81,9 @@ static void php_sqlite3_error(php_sqlite3_db_object *db_obj, char *format, ...) */ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("sqlite3.extension_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, extension_dir, zend_sqlite3_globals, sqlite3_globals) +#if SQLITE_VERSION_NUMBER >= 3026000 + STD_PHP_INI_ENTRY("sqlite3.defensive", "1", PHP_INI_SYSTEM, OnUpdateBool, dbconfig_defensive, zend_sqlite3_globals, sqlite3_globals) +#endif PHP_INI_END() /* }}} */ @@ -166,6 +169,12 @@ PHP_METHOD(sqlite3, open) sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL); } +#if SQLITE_VERSION_NUMBER >= 3026000 + if (SQLITE3G(dbconfig_defensive)) { + sqlite3_db_config(db_obj->db, SQLITE_DBCONFIG_DEFENSIVE, 1, NULL); + } +#endif + if (fullpath != filename) { efree(fullpath); } diff --git a/ext/sqlite3/tests/sqlite3_defensive.phpt b/ext/sqlite3/tests/sqlite3_defensive.phpt new file mode 100644 index 0000000000..064d87b50a --- /dev/null +++ b/ext/sqlite3/tests/sqlite3_defensive.phpt @@ -0,0 +1,40 @@ +--TEST-- +SQLite3 defensive mode ini setting +--SKIPIF-- +<?php require_once(__DIR__ . '/skipif.inc'); + +if (SQLite3::version()['versionNumber'] < 3026000) { + die("skip: sqlite3 library version < 3.26: no support for defensive mode"); +} + +?> +--INI-- +sqlite3.defensive=On +--FILE-- +<?php + +$db = new SQLite3(':memory:'); +var_dump($db->exec('CREATE TABLE test (a, b);')); + +// This does not generate an error! +var_dump($db->exec('PRAGMA writable_schema = ON;')); +var_dump($db->querySingle('PRAGMA writable_schema;')); + +// Should be 1 +var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;')); + +// Should generate an error! +var_dump($db->querySingle('DELETE FROM sqlite_master;')); + +// Should still be 1 +var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;')); +?> +--EXPECTF-- +bool(true) +bool(true) +int(1) +int(1) + +Warning: SQLite3::querySingle(): Unable to prepare statement: 1, table sqlite_master may not be modified in %s on line %d +bool(false) +int(1)
\ No newline at end of file diff --git a/php.ini-development b/php.ini-development index d6e219b295..b8141af076 100644 --- a/php.ini-development +++ b/php.ini-development @@ -986,8 +986,19 @@ cli_server.color = On ;intl.use_exceptions = 0 [sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +sqlite3.defensive = 1 + [Pcre] ;PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit diff --git a/php.ini-production b/php.ini-production index 0bd579a0b0..1dbbfc8d76 100644 --- a/php.ini-production +++ b/php.ini-production @@ -993,8 +993,19 @@ cli_server.color = On ;intl.use_exceptions = 0 [sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +sqlite3.defensive = 1 + [Pcre] ;PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit |