OLD | NEW |
| (Empty) |
1 From 9283044fa483fceefcb077d7b682d570e0d099ee Mon Sep 17 00:00:00 2001 | |
2 From: Scott Hess <shess@chromium.org> | |
3 Date: Tue, 16 Dec 2014 13:02:27 -0800 | |
4 Subject: [PATCH 07/10] [fts3] Disable fts3_tokenizer and fts4. | |
5 | |
6 fts3_tokenizer allows a SQLite user to specify a pointer to call as a | |
7 function, which has obvious sercurity implications. Disable fts4 until | |
8 someone explicitly decides to own support for it. Disable fts3tokenize | |
9 virtual table until someone explicitly decides to own support for it. | |
10 | |
11 No original review URL because this was part of the initial Chromium commit. | |
12 --- | |
13 third_party/sqlite/src/ext/fts3/fts3.c | 9 +++++++++ | |
14 1 file changed, 9 insertions(+) | |
15 | |
16 diff --git a/third_party/sqlite/src/ext/fts3/fts3.c b/third_party/sqlite/src/ext
/fts3/fts3.c | |
17 index 748faef..4f2ebb8 100644 | |
18 --- a/third_party/sqlite/src/ext/fts3/fts3.c | |
19 +++ b/third_party/sqlite/src/ext/fts3/fts3.c | |
20 @@ -287,6 +287,7 @@ | |
21 ** query logic likewise merges doclists so that newer data knocks out | |
22 ** older data. | |
23 */ | |
24 +#define CHROMIUM_FTS3_CHANGES 1 | |
25 | |
26 #include "fts3Int.h" | |
27 #if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) | |
28 @@ -3933,7 +3934,11 @@ int sqlite3Fts3Init(sqlite3 *db){ | |
29 ** module with sqlite. | |
30 */ | |
31 if( SQLITE_OK==rc | |
32 +#if CHROMIUM_FTS3_CHANGES && !SQLITE_TEST | |
33 + /* fts3_tokenizer() disabled for security reasons. */ | |
34 +#else | |
35 && SQLITE_OK==(rc = sqlite3Fts3InitHashTable(db, pHash, "fts3_tokenizer")) | |
36 +#endif | |
37 && SQLITE_OK==(rc = sqlite3_overload_function(db, "snippet", -1)) | |
38 && SQLITE_OK==(rc = sqlite3_overload_function(db, "offsets", 1)) | |
39 && SQLITE_OK==(rc = sqlite3_overload_function(db, "matchinfo", 1)) | |
40 @@ -3943,6 +3948,9 @@ int sqlite3Fts3Init(sqlite3 *db){ | |
41 rc = sqlite3_create_module_v2( | |
42 db, "fts3", &fts3Module, (void *)pHash, hashDestroy | |
43 ); | |
44 +#if CHROMIUM_FTS3_CHANGES && !SQLITE_TEST | |
45 + /* Disable fts4 and tokenizer vtab pending review. */ | |
46 +#else | |
47 if( rc==SQLITE_OK ){ | |
48 rc = sqlite3_create_module_v2( | |
49 db, "fts4", &fts3Module, (void *)pHash, 0 | |
50 @@ -3951,6 +3959,7 @@ int sqlite3Fts3Init(sqlite3 *db){ | |
51 if( rc==SQLITE_OK ){ | |
52 rc = sqlite3Fts3InitTok(db, (void *)pHash); | |
53 } | |
54 +#endif | |
55 return rc; | |
56 } | |
57 | |
58 -- | |
59 2.7.0 | |
60 | |
OLD | NEW |