Fossil

Check-in [3f193ba6]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Increase the stack size limit to 8MB. Disable stack and heap size limits prior to invoking subprocesses.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:3f193ba61011737fecfa67b038579a24870ef5b8031853ebf992709082c90a20
User & Date: drh 2017-06-24 13:59:34
Context
2017-06-24
16:28
Fixed "integer constant is too large for long type" warning on 32-bit Linux check-in: caf26817 user: andygoth tags: trunk
13:59
Increase the stack size limit to 8MB. Disable stack and heap size limits prior to invoking subprocesses. check-in: 3f193ba6 user: drh tags: trunk
13:38
Update the built-in SQLite and SQL command shell to the latest from upstream. check-in: 42d151cc user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/main.c.

552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
int main(int argc, char **argv)
#endif
{
  const char *zCmdName = "unknown";
  const CmdOrPage *pCmd = 0;
  int rc;

  /* Limit the total amount of heap and stack space available to 
  ** Fossil as a defense against "stack clash" attacks.  64-bit systems
  ** have much larger limits than 32-bit systems. */
  if( sizeof(pCmd)==4 ){
    fossil_limit_memory( 1000000000, 2000000); /* 32-bit systems */
  }else{
    fossil_limit_memory(10000000000, 2000000); /* 64-bit systems */
  }

  if( sqlite3_libversion_number()<3014000 ){
    fossil_fatal("Unsuitable SQLite version %s, must be at least 3.14.0",
                 sqlite3_libversion());
  }
  sqlite3_config(SQLITE_CONFIG_MULTITHREAD);
  sqlite3_config(SQLITE_CONFIG_LOG, fossil_sqlite_log, 0);
  memset(&g, 0, sizeof(g));







<
<
<
<
<
<
|
<
<







552
553
554
555
556
557
558






559


560
561
562
563
564
565
566
int main(int argc, char **argv)
#endif
{
  const char *zCmdName = "unknown";
  const CmdOrPage *pCmd = 0;
  int rc;







  fossil_limit_memory(1);


  if( sqlite3_libversion_number()<3014000 ){
    fossil_fatal("Unsuitable SQLite version %s, must be at least 3.14.0",
                 sqlite3_libversion());
  }
  sqlite3_config(SQLITE_CONFIG_MULTITHREAD);
  sqlite3_config(SQLITE_CONFIG_LOG, fossil_sqlite_log, 0);
  memset(&g, 0, sizeof(g));

Changes to src/util.c.

142
143
144
145
146
147
148

149

150
151
152
153
154
155
156
...
447
448
449
450
451
452
453
454




455
456
457


458
459
460
461
462
463




464

465

466
467
468
469
470
471



472
473
474
475
476
477
  ** either via CGI, SCGI, or direct HTTP.  The following assert verifies
  ** this.  And the following assert proves that Fossil is not vulnerable
  ** to the ShellShock or BashDoor bug.
  */
  assert( g.cgiOutput==0 );

  /* The regular system() call works to get a shell on unix */

  rc = system(zOrigCmd);

#endif
  return rc;
}

/*
** Like strcmp() except that it accepts NULL pointers.  NULL sorts before
** all non-NULL string pointers.  Also, this strcmp() is a binary comparison
................................................................................
  }
  sqlite3_file_control(db, 0, SQLITE_FCNTL_TEMPFILENAME, (void*)&zTFile);
  if( g.db==0 ) sqlite3_close(db);
  return zTFile;
}

/*
** Limit the total amount of memory available to Fossil




*/
void fossil_limit_memory(sqlite3_int64 nHeap, sqlite3_int64 nStack){
#if defined(__unix__)


  struct rlimit x;

#if defined(RLIMIT_DATA)
  getrlimit(RLIMIT_DATA, &x);
  if( sizeof(x.rlim_cur)<8 && nHeap>0x7fffffff ){
    nHeap = 0x7fffffff;




  }

  x.rlim_cur = (rlim_t)nHeap;

  setrlimit(RLIMIT_DATA, &x);
#endif /* defined(RLIMIT_DATA) */
#if defined(RLIMIT_STACK)
  getrlimit(RLIMIT_STACK, &x);
  if( sizeof(x.rlim_cur)<8 && nStack>0x7fffffff ){
    nStack = 0x7fffffff;



  }
  x.rlim_cur = (rlim_t)nStack;
  setrlimit(RLIMIT_STACK, &x);
#endif /* defined(RLIMIT_STACK) */
#endif /* defined(__unix__) */
}







>

>







 







|
>
>
>
>

|

>
>




|
|
>
>
>
>
|
>
|
>




|
|
>
>
>

<




142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
...
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489

490
491
492
493
  ** either via CGI, SCGI, or direct HTTP.  The following assert verifies
  ** this.  And the following assert proves that Fossil is not vulnerable
  ** to the ShellShock or BashDoor bug.
  */
  assert( g.cgiOutput==0 );

  /* The regular system() call works to get a shell on unix */
  fossil_limit_memory(0);
  rc = system(zOrigCmd);
  fossil_limit_memory(1);
#endif
  return rc;
}

/*
** Like strcmp() except that it accepts NULL pointers.  NULL sorts before
** all non-NULL string pointers.  Also, this strcmp() is a binary comparison
................................................................................
  }
  sqlite3_file_control(db, 0, SQLITE_FCNTL_TEMPFILENAME, (void*)&zTFile);
  if( g.db==0 ) sqlite3_close(db);
  return zTFile;
}

/*
** Turn memory limits for stack and heap on and off.  The argument
** is true to turn memory limits on and false to turn them off.
**
** Memory limits should be enabled at startup, but then turned off
** before starting subprocesses.
*/
void fossil_limit_memory(int onOff){
#if defined(__unix__)
  static sqlite3_int64 origHeap = 10000000000;  /* 10GB */
  static sqlite3_int64 origStack =    8000000;  /*  8MB */
  struct rlimit x;

#if defined(RLIMIT_DATA)
  getrlimit(RLIMIT_DATA, &x);
  if( onOff ){
    origHeap = x.rlim_cur;
    if( sizeof(void*)<8 || sizeof(x.rlim_cur)<8 ){
      x.rlim_cur =  1000000000;  /* 1GB on 32-bit systems */
    }else{
      x.rlim_cur = 10000000000;  /* 10GB on 64-bit systems */
    }
  }else{
    x.rlim_cur = origHeap;
  }
  setrlimit(RLIMIT_DATA, &x);
#endif /* defined(RLIMIT_DATA) */
#if defined(RLIMIT_STACK)
  getrlimit(RLIMIT_STACK, &x);
  if( onOff ){
    origStack = x.rlim_cur;
    x.rlim_cur =  8000000;  /* 8MB */
  }else{
    x.rlim_cur = origStack;
  }

  setrlimit(RLIMIT_STACK, &x);
#endif /* defined(RLIMIT_STACK) */
#endif /* defined(__unix__) */
}