Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss failures.
authorRobert Relyea <rrelyea@redhat.com>
Tue, 20 Jul 2021 14:17:47 -0700
changeset 15964 f2d34a957599067e31bc035ed5df357c620fc035
parent 15963 f12856d5d2c2fefd9be075e280cd55efdb4dfed2
child 15965 8f41147c21926a70a1163f9b91b01b735ed621f1
push id3998
push userrrelyea@redhat.com
push dateWed, 21 Jul 2021 18:46:50 +0000
bugs1721476
Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss failures. https://sqlite.org/forum/info/42cf8e985bb051a2 sqlite is now permissive on opening a readonly file even if you ask for the file to be opened R/W. normally sqlite is very conservative in changing it's underlying semantics, but evidently they chose convience over compatibility. NSS now needs to check the file permissions itself to preserve nss semantics. Differential Revision: https://phabricator.services.mozilla.com/D120406
lib/softoken/sdb.c
--- a/lib/softoken/sdb.c
+++ b/lib/softoken/sdb.c
@@ -685,16 +685,21 @@ sdb_openDB(const char *name, sqlite3 **s
     int openFlags;
 
     *sqlDB = NULL;
 
     if (flags & SDB_RDONLY) {
         openFlags = SQLITE_OPEN_READONLY;
     } else {
         openFlags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE;
+        /* sqlite 3.34 seem to incorrectly open readwrite.
+        * when the file is readonly. Explicitly reject that issue here */
+        if ((_NSSUTIL_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS) && (_NSSUTIL_Access(name, PR_ACCESS_WRITE_OK) != PR_SUCCESS)) {
+            return SQLITE_READONLY;
+        }
     }
 
     /* Requires SQLite 3.5.0 or newer. */
     sqlerr = sqlite3_open_v2(name, sqlDB, openFlags, NULL);
     if (sqlerr != SQLITE_OK) {
         return sqlerr;
     }