Only allow SQLite extensions from an allowlist

* src/sqlite.c (Fsqlite_load_extension): Only allow extensions
from an allowlist.

1 files changed, 32 insertions, 0 deletions

diff --git a/test/src/sqlite-tests.el b/test/src/sqlite-tests.el
index 6a88f0fd6ca..d1076e481c4 100644
--- a/test/src/sqlite-tests.el
+++ b/test/src/sqlite-tests.el
@@ -182,4 +182,36 @@
     (sqlite-close db)
     (should-error (sqlite-select db "select * from test6"))))
 
+(ert-deftest sqlite-load-extension ()
+  (skip-unless (sqlite-available-p))
+  (let (db)
+    (setq db (sqlite-open))
+    (should-error
+     (sqlite-load-extension db "/usr/lib/sqlite3/notpcre.so"))
+    (should-error
+     (sqlite-load-extension db "/usr/lib/sqlite3/n"))
+    (should-error
+     (sqlite-load-extension db "/usr/lib/sqlite3/"))
+    (should-error
+     (sqlite-load-extension db "/usr/lib/sqlite3"))
+    (should
+     (memq
+      (sqlite-load-extension db "/usr/lib/sqlite3/pcre.so")
+      '(nil t)))
+
+    (should-error
+     (sqlite-load-extension
+      db "/usr/lib/x86_64-linux-gnu/libsqlite3_mod_notcsvtable.so"))
+    (should-error
+     (sqlite-load-extension
+      db "/usr/lib/x86_64-linux-gnu/libsqlite3_mod_csvtablen.so"))
+    (should-error
+     (sqlite-load-extension
+      db "/usr/lib/x86_64-linux-gnu/libsqlite3_mod_csvtable"))
+    (should
+     (memq
+      (sqlite-load-extension
+       db "/usr/lib/x86_64-linux-gnu/libsqlite3_mod_csvtable.so")
+      '(nil t)))))
+
 ;;; sqlite-tests.el ends here