diff options
| author | Serhiy Storchaka <storchaka@gmail.com> | 2014-09-11 10:29:05 (GMT) |
|---|---|---|
| committer | Serhiy Storchaka <storchaka@gmail.com> | 2014-09-11 10:29:05 (GMT) |
| commit | 42d67af87fc2b1d297cce1cd8d762461e009f0a0 (patch) | |
| tree | e9ad2265f9dc6bd1f5aee05f8bc64b0d45a4d3fd | |
| parent | abf68ce16474a2d252723099f1c7a6d640191123 (diff) | |
| download | cpython-42d67af87fc2b1d297cce1cd8d762461e009f0a0.zip cpython-42d67af87fc2b1d297cce1cd8d762461e009f0a0.tar.gz cpython-42d67af87fc2b1d297cce1cd8d762461e009f0a0.tar.bz2 | |
Issue #21147: sqlite3 now raises an exception if the request contains a null
character instead of truncate it. Based on patch by Victor Stinner.
| -rw-r--r-- | Lib/sqlite3/test/regression.py | 10 | ||||
| -rw-r--r-- | Misc/NEWS | 3 | ||||
| -rw-r--r-- | Modules/_sqlite/connection.c | 3 | ||||
| -rw-r--r-- | Modules/_sqlite/statement.c | 4 |
4 files changed, 19 insertions, 1 deletions
diff --git a/Lib/sqlite3/test/regression.py b/Lib/sqlite3/test/regression.py index c557ab6..eaaaa2c 100644 --- a/Lib/sqlite3/test/regression.py +++ b/Lib/sqlite3/test/regression.py @@ -336,6 +336,16 @@ class RegressionTests(unittest.TestCase): sqlite.connect, ":memory:", isolation_level=123) + def CheckNullCharacter(self): + # Issue #21147 + con = sqlite.connect(":memory:") + self.assertRaises(ValueError, con, "\0select 1") + self.assertRaises(ValueError, con, "select 1\0") + cur = con.cursor() + self.assertRaises(ValueError, cur.execute, " \0select 2") + self.assertRaises(ValueError, cur.execute, "select 2\0") + + def suite(): regression_suite = unittest.makeSuite(RegressionTests, "Check") return unittest.TestSuite((regression_suite,)) @@ -32,6 +32,9 @@ Core and Builtins Library ------- +- Issue #21147: sqlite3 now raises an exception if the request contains a null + character instead of truncate it. Based on patch by Victor Stinner. + - Issue #21951: Fixed a crash in Tkinter on AIX when called Tcl command with empty string or tuple argument. diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c index 882424b..535464d 100644 --- a/Modules/_sqlite/connection.c +++ b/Modules/_sqlite/connection.c @@ -1261,7 +1261,8 @@ PyObject* pysqlite_connection_call(pysqlite_Connection* self, PyObject* args, Py if (rc == PYSQLITE_TOO_MUCH_SQL) { PyErr_SetString(pysqlite_Warning, "You can only execute one statement at a time."); } else if (rc == PYSQLITE_SQL_WRONG_TYPE) { - PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode."); + if (PyErr_ExceptionMatches(PyExc_TypeError)) + PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string."); } else { (void)pysqlite_statement_reset(statement); _pysqlite_seterror(self->db, NULL); diff --git a/Modules/_sqlite/statement.c b/Modules/_sqlite/statement.c index 66b4a52..34babfd 100644 --- a/Modules/_sqlite/statement.c +++ b/Modules/_sqlite/statement.c @@ -63,6 +63,10 @@ int pysqlite_statement_create(pysqlite_Statement* self, pysqlite_Connection* con rc = PYSQLITE_SQL_WRONG_TYPE; return rc; } + if (strlen(sql_cstr) != (size_t)sql_cstr_len) { + PyErr_SetString(PyExc_ValueError, "the query contains a null character"); + return PYSQLITE_SQL_WRONG_TYPE; + } self->in_weakreflist = NULL; Py_INCREF(sql); |