Skip Menu |
 

This queue is for tickets about the DBD-SQLite CPAN distribution.

Report information
The Basics
Id: 128056
Status: resolved
Priority: 0/
Queue: DBD-SQLite

People
Owner: Nobody in particular
Requestors: wyant [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: Wishlist: expose sqlite3_db_config()
Download (untitled) / with headers
text/plain 314b
I would like to request the exposure of sqlite3_db_config(). The reason is to allow users to set SQLITE_DBCONFIG_DEFENSIVE on versions of SQLite that support this, in order to harden their code against the Magellan exploit. I should be able to have a pull request ready before too long if you would be interested.
Download (untitled) / with headers
text/plain 389b
On Thu Dec 20 03:11:40 2018, WYANT wrote: Show quoted text
> I would like to request the exposure of sqlite3_db_config(). The > reason is to allow users to set SQLITE_DBCONFIG_DEFENSIVE on versions > of SQLite that support this, in order to harden their code against the > Magellan exploit. > > I should be able to have a pull request ready before too long if you > would be interested.
Will do. Thanks.
Download (untitled) / with headers
text/plain 492b
On Thu Dec 20 03:44:27 2018, ISHIGAKI wrote: Show quoted text
> On Thu Dec 20 03:11:40 2018, WYANT wrote:
> > I would like to request the exposure of sqlite3_db_config(). The > > reason is to allow users to set SQLITE_DBCONFIG_DEFENSIVE on versions > > of SQLite that support this, in order to harden their code against the > > Magellan exploit. > > > > I should be able to have a pull request ready before too long if you > > would be interested.
> > > Will do. Thanks.
Shipped 1.61_04 with this feature.
Download (untitled) / with headers
text/plain 482b
Beautiful. Thanks. You are faster with the XS code than I am, and there will be no pull request from me. You might want to mention in the POD that the return of sqlite_db_config() is the old value of the setting. Also, I suspect a typo in the last sqlite_error() function in dbdimp.c: should the method name be 'sqlite_db_config' rather than just 'sqlite_config'? With gratitude for picking up maintenance on this module, and for the very timely response to the Magellan exploit.
Download (untitled) / with headers
text/plain 1009b
On Sun Dec 23 01:33:36 2018, WYANT wrote: Show quoted text
> Beautiful. Thanks. You are faster with the XS code than I am, and > there will be no pull request from me. > > You might want to mention in the POD that the return of > sqlite_db_config() is the old value of the setting.
The return value of sqlite_db_config should be the new value, unless I misread "The second parameter is a pointer to an integer into which is written 0 or 1 to indicate whether FK enforcement is off or on *following* this call." and such. https://www.sqlite.org/capi3ref.html#sqlitedbconfiglookaside Anyway, updated the pod. https://github.com/DBD-SQLite/DBD-SQLite/commit/fc491a64a9eadb799cbdbbe403ce99e0e6779fc1 Show quoted text
> > Also, I suspect a typo in the last sqlite_error() function in > dbdimp.c: should the method name be 'sqlite_db_config' rather than > just 'sqlite_config'?
Thanks for spotting the typo as well! Show quoted text
> > With gratitude for picking up maintenance on this module, and for the > very timely response to the Magellan exploit.
Download (untitled) / with headers
text/plain 1.1k
On Sun Dec 23 02:15:42 2018, ISHIGAKI wrote: Show quoted text
> On Sun Dec 23 01:33:36 2018, WYANT wrote:
> > Beautiful. Thanks. You are faster with the XS code than I am, and > > there will be no pull request from me. > > > > You might want to mention in the POD that the return of > > sqlite_db_config() is the old value of the setting.
> > The return value of sqlite_db_config should be the new value, unless I > misread "The second parameter is a pointer to an integer into which is > written 0 or 1 to indicate whether FK enforcement is off or on > *following* this call." and such. > > https://www.sqlite.org/capi3ref.html#sqlitedbconfiglookaside > > Anyway, updated the pod. https://github.com/DBD-SQLite/DBD- > SQLite/commit/fc491a64a9eadb799cbdbbe403ce99e0e6779fc1 >
> > > > Also, I suspect a typo in the last sqlite_error() function in > > dbdimp.c: should the method name be 'sqlite_db_config' rather than > > just 'sqlite_config'?
> > Thanks for spotting the typo as well! >
> > > > With gratitude for picking up maintenance on this module, and for the > > very timely response to the Magellan exploit.
Shipped 1.62. Thanks.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.