cuberite/SQLiteCpp
1
0
Fork 0
mirror of https://github.com/cuberite/SQLiteCpp.git synced 2025-08-04 09:46:02 -04:00
Code Issues Packages Projects Releases Wiki Activity

Use the new SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION from SQLite 3.13 for security reason

Browse Source
This commit is contained in:
Sébastien Rombauts 2016-06-30 21:48:40 +02:00
parent 94c658d828
commit 0cdb40d614
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/Database.cpp
View File

@ -160,19 +160,21 @@ void Database::loadExtension(const char* apExtensionName,
const char *apEntryPointName)
{
#ifdef SQLITE_OMIT_LOAD_EXTENSION
#
throw std::runtime_error("sqlite extensions are disabled");
#
#else
#
#ifdef SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION // Since SQLite 3.13 (2016-05-18):
// Security warning:
// It is recommended that the SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION method be used to enable only this interface.
// The use of the sqlite3_enable_load_extension() interface should be avoided to keep the SQL load_extension()
// disabled and prevent SQL injections from giving attackers access to extension loading capabilities.
int ret = sqlite3_db_config(mpSQLite, SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION, 1, NULL);
#else
int ret = sqlite3_enable_load_extension(mpSQLite, 1);
#endif
check(ret);
ret = sqlite3_load_extension(mpSQLite, apExtensionName, apEntryPointName, 0);
check(ret);
#
#endif
}