File _service:tar_scm:0006-CVE-2022-46908.patch of Package sqlite
From 040177c01a76ccb631bbe19a445f716f0d7b9458 Mon Sep 17 00:00:00 2001 From: zwtmichael <zhuwentao5@huawei.com> Date: Thu, 15 Dec 2022 09:49:15 +0800 Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs Signed-off-by: zwtmichael <zhuwentao5@huawei.com> --- src/shell.c.in | 4 ++-- test/shell2.test | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/shell.c.in b/src/shell.c.in index 543141c..2c1e013 100644 --- a/src/shell.c.in +++ b/src/shell.c.in @@ -1829,7 +1829,7 @@ static int safeModeAuth( "zipfile", "zipfile_cds", }; - UNUSED_PARAMETER(zA2); + UNUSED_PARAMETER(zA1); UNUSED_PARAMETER(zA3); UNUSED_PARAMETER(zA4); switch( op ){ @@ -1840,7 +1840,7 @@ static int safeModeAuth( case SQLITE_FUNCTION: { int i; for(i=0; i<ArraySize(azProhibitedFunctions); i++){ - if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){ + if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){ failIfSafeMode(p, "cannot use the %s() function in safe mode", azProhibitedFunctions[i]); } diff --git a/test/shell2.test b/test/shell2.test index 6b4dff5..c3777eb 100644 --- a/test/shell2.test +++ b/test/shell2.test @@ -188,4 +188,15 @@ b 2 }} +# Verify that safe mode rejects certain UDFs +# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f +do_test shell2-1.4.8 { + catchcmd "-safe :memory:" { + SELECT edit('DoNotCare');} +} {1 {line 2: cannot use the edit() function in safe mode}} +do_test shell2-1.4.9 { + catchcmd "-safe :memory:" { + SELECT writefile('DoNotCare', x'');} +} {1 {line 2: cannot use the writefile() function in safe mode}} + finish_test
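Review bot: the swap from UNUSED_PARAMETER(zA2) to UNUSED_PARAMETER(zA1) in the first src/shell.c.in hunk is only correct if no case in the switch reads zA1, and the hunk shows just the opening of the switch, so confirm that against the remaining cases. The commit message also gives no reason for the argument change and does not mention CVE-2022-46908, which appears only in the patch file name; a sentence covering both would help anyone backporting this.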
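Review bot: the zA1 to zA2 change in the SQLITE_FUNCTION case of safeModeAuth carries no comment recording why, and the two names are easy to swap back. For SQLITE_FUNCTION the authorizer callback receives the function name in its fourth argument (zA2 here) and NULL in the third, so the old comparison against zA1 never matched and azProhibitedFunctions was not enforced. A one-line comment above the sqlite3_stricmp() call stating which argument holds the function name would guard against a regression.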
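Review bot: shell2-1.4.8 and shell2-1.4.9 in test/shell2.test exercise only edit() and writefile(), while azProhibitedFunctions visibly holds more entries (zipfile and zipfile_cds at least). A loop over every prohibited name would keep the list and the tests in step. The match uses sqlite3_stricmp(), so a mixed-case call such as EDIT('DoNotCare') deserves its own case, as does a check that an ordinary built-in function still runs under -safe.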