This queue is for tickets about the DBD-SQLite CPAN distribution.

Report information
The Basics
Id: 128056
Status: resolved
Priority: 0/
Queue: DBD-SQLite

People
Owner: Nobody in particular
Requestors: wyant [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: Wishlist: expose sqlite3_db_config()
I would like to request the exposure of sqlite3_db_config(). The reason is to allow users to set SQLITE_DBCONFIG_DEFENSIVE on versions of SQLite that support this, in order to harden their code against the Magellan exploit.
I should be able to have a pull request ready before too long if you would be interested.
On Thu Dec 20 03:11:40 2018, WYANT wrote:
> I would like to request the exposure of sqlite3_db_config(). The
> reason is to allow users to set SQLITE_DBCONFIG_DEFENSIVE on versions
> of SQLite that support this, in order to harden their code against the
> Magellan exploit.
>
> I should be able to have a pull request ready before too long if you
> would be interested.
Will do. Thanks.
On Thu Dec 20 03:44:27 2018, ISHIGAKI wrote:
> On Thu Dec 20 03:11:40 2018, WYANT wrote:
> > I would like to request the exposure of sqlite3_db_config(). The
> > reason is to allow users to set SQLITE_DBCONFIG_DEFENSIVE on versions
> > of SQLite that support this, in order to harden their code against the
> > Magellan exploit.
> >
> > I should be able to have a pull request ready before too long if you
> > would be interested.
>
> Will do. Thanks.
Shipped 1.61_04 with this feature.
Beautiful. Thanks. You are faster with the XS code than I am, and there will be no pull request from me.
You might want to mention in the POD that the return of sqlite_db_config() is the old value of the setting.
Also, I suspect a typo in the last sqlite_error() function in dbdimp.c: should the method name be 'sqlite_db_config' rather than just 'sqlite_config'?
With gratitude for picking up maintenance on this module, and for the very timely response to the Magellan exploit.
On Sun Dec 23 01:33:36 2018, WYANT wrote:
> Beautiful. Thanks. You are faster with the XS code than I am, and
> there will be no pull request from me.
>
> You might want to mention in the POD that the return of
> sqlite_db_config() is the old value of the setting.
The return value of sqlite_db_config should be the new value, unless I misread "The second parameter is a pointer to an integer into which is written 0 or 1 to indicate whether FK enforcement is off or on *following* this call." and such.
https://www.sqlite.org/capi3ref.html#sqlitedbconfiglookaside
Anyway, updated the pod.
https://github.com/DBD-SQLite/DBD-SQLite/commit/fc491a64a9eadb799cbdbbe403ce99e0e6779fc1
> Also, I suspect a typo in the last sqlite_error() function in
> dbdimp.c: should the method name be 'sqlite_db_config' rather than
> just 'sqlite_config'?
Thanks for spotting the typo as well!
> With gratitude for picking up maintenance on this module, and for the
> very timely response to the Magellan exploit.
On Sun Dec 23 02:15:42 2018, ISHIGAKI wrote:
> On Sun Dec 23 01:33:36 2018, WYANT wrote:
> > Beautiful. Thanks. You are faster with the XS code than I am, and
> > there will be no pull request from me.
> >
> > You might want to mention in the POD that the return of
> > sqlite_db_config() is the old value of the setting.
>
> The return value of sqlite_db_config should be the new value, unless I
> misread "The second parameter is a pointer to an integer into which is
> written 0 or 1 to indicate whether FK enforcement is off or on
> *following* this call." and such.
>
> https://www.sqlite.org/capi3ref.html#sqlitedbconfiglookaside
>
> Anyway, updated the pod.
> https://github.com/DBD-SQLite/DBD-SQLite/commit/fc491a64a9eadb799cbdbbe403ce99e0e6779fc1
>
> > Also, I suspect a typo in the last sqlite_error() function in
> > dbdimp.c: should the method name be 'sqlite_db_config' rather than
> > just 'sqlite_config'?
>
> Thanks for spotting the typo as well!
>
> > With gratitude for picking up maintenance on this module, and for the
> > very timely response to the Magellan exploit.
Shipped 1.62. Thanks.
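
The hardening requested in this ticket, as an added example that is not part of the original thread or of the DBD-SQLite distribution: it turns on SQLITE_DBCONFIG_DEFENSIVE through sqlite_db_config(), reads the setting back, and shows that a direct write to the schema table is refused afterwards. The in-memory database, the table name `t` and the helper names are assumptions made for illustration; it assumes DBD::SQLite 1.62 or later.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;
use DBD::SQLite 1.62;    # release named in this ticket as shipping sqlite_db_config()
use DBD::SQLite::Constants qw(SQLITE_DBCONFIG_DEFENSIVE);

# Constructed sample database: in-memory, with one hypothetical table 't'.
sub new_db {
    my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
        { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
    $dbh->do('CREATE TABLE t (id INTEGER PRIMARY KEY, v TEXT)');
    return $dbh;
}

# Enable defensive mode and confirm the value SQLite reports back.
sub harden {
    my ($dbh) = @_;
    # The call returns the setting as it stands after the call (0 or 1).
    my $after = $dbh->sqlite_db_config(SQLITE_DBCONFIG_DEFENSIVE, 1);
    # A negative value leaves the setting unchanged and only reads it.
    my $current = $dbh->sqlite_db_config(SQLITE_DBCONFIG_DEFENSIVE, -1);
    die "defensive mode is not enabled\n" unless $after && $current;
    return $current;
}

# Attempt a no-op write to the schema table.
# Returns the error text, or '' if the write was accepted.
sub schema_write_error {
    my ($dbh) = @_;
    my $ok = eval {
        $dbh->do('PRAGMA writable_schema = ON');    # ignored in defensive mode
        $dbh->do(q{UPDATE sqlite_master SET sql = sql WHERE name = 't'});
        1;
    };
    my $err = $ok ? '' : ($@ || 'unknown error');
    eval { $dbh->do('PRAGMA writable_schema = OFF') };    # restore the default
    return $err;
}

my $dbh = new_db();

# Explicit baseline, so the comparison does not depend on the module's default.
$dbh->sqlite_db_config(SQLITE_DBCONFIG_DEFENSIVE, 0);
printf "defensive off: %s\n", schema_write_error($dbh) || 'schema write accepted';

harden($dbh);
printf "defensive on:  %s\n", schema_write_error($dbh) || 'schema write accepted';
```

The flag is per connection, so it has to be set on every handle right after connecting, before any SQL from an untrusted source is executed on it.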