[Python-checkins] cpython (3.4): Issue #21147: sqlite3 now raises an exception if the request contains a null
serhiy.storchaka
python-checkins at python.org
Thu Sep 11 12:33:41 CEST 2014
http://hg.python.org/cpython/rev/517f216d45ea
changeset: 92402:517f216d45ea
branch: 3.4
parent: 92398:6a96c28f9474
user: Serhiy Storchaka <storchaka at gmail.com>
date: Thu Sep 11 13:29:05 2014 +0300
summary:
Issue #21147: sqlite3 now raises an exception if the request contains a null
character instead of truncate it. Based on patch by Victor Stinner.
files:
Lib/sqlite3/test/regression.py | 10 ++++++++++
Misc/NEWS | 3 +++
Modules/_sqlite/connection.c | 3 ++-
Modules/_sqlite/statement.c | 4 ++++
4 files changed, 19 insertions(+), 1 deletions(-)
diff --git a/Lib/sqlite3/test/regression.py b/Lib/sqlite3/test/regression.py
--- a/Lib/sqlite3/test/regression.py
+++ b/Lib/sqlite3/test/regression.py
@@ -336,6 +336,16 @@
sqlite.connect, ":memory:", isolation_level=123)
+ def CheckNullCharacter(self):
+ # Issue #21147
+ con = sqlite.connect(":memory:")
+ self.assertRaises(ValueError, con, "\0select 1")
+ self.assertRaises(ValueError, con, "select 1\0")
+ cur = con.cursor()
+ self.assertRaises(ValueError, cur.execute, " \0select 2")
+ self.assertRaises(ValueError, cur.execute, "select 2\0")
+
+
def suite():
regression_suite = unittest.makeSuite(RegressionTests, "Check")
return unittest.TestSuite((regression_suite,))
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -32,6 +32,9 @@
Library
-------
+- Issue #21147: sqlite3 now raises an exception if the request contains a null
+ character instead of truncate it. Based on patch by Victor Stinner.
+
- Issue #21951: Fixed a crash in Tkinter on AIX when called Tcl command with
empty string or tuple argument.
diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1261,7 +1261,8 @@
if (rc == PYSQLITE_TOO_MUCH_SQL) {
PyErr_SetString(pysqlite_Warning, "You can only execute one statement at a time.");
} else if (rc == PYSQLITE_SQL_WRONG_TYPE) {
- PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode.");
+ if (PyErr_ExceptionMatches(PyExc_TypeError))
+ PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string.");
} else {
(void)pysqlite_statement_reset(statement);
_pysqlite_seterror(self->db, NULL);
diff --git a/Modules/_sqlite/statement.c b/Modules/_sqlite/statement.c
--- a/Modules/_sqlite/statement.c
+++ b/Modules/_sqlite/statement.c
@@ -63,6 +63,10 @@
rc = PYSQLITE_SQL_WRONG_TYPE;
return rc;
}
+ if (strlen(sql_cstr) != (size_t)sql_cstr_len) {
+ PyErr_SetString(PyExc_ValueError, "the query contains a null character");
+ return PYSQLITE_SQL_WRONG_TYPE;
+ }
self->in_weakreflist = NULL;
Py_INCREF(sql);
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list