From 41801f581202ab8fab149465d10568003c9a8aad Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Sun, 21 Jul 2013 13:05:38 +0200 Subject: [PATCH] Issue #18519, #18408: Fix sqlite authorizer callback If a previous call to the authorizer callback failed and raised an exception, don't call the Python authorizer callback, but just return SQLITE_DENY. --- Modules/_sqlite/connection.c | 38 ++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c index 6a58431aa6c..ed4ae1c197e 100644 --- a/Modules/_sqlite/connection.c +++ b/Modules/_sqlite/connection.c @@ -883,25 +883,33 @@ static int _authorizer_callback(void* user_arg, int action, const char* arg1, co gilstate = PyGILState_Ensure(); #endif - ret = PyObject_CallFunction((PyObject*)user_arg, "issss", action, arg1, arg2, dbname, access_attempt_source); - if (!ret) { - if (_enable_callback_tracebacks) { - PyErr_Print(); - } else { - PyErr_Clear(); - } + if (!PyErr_Occurred()) { + ret = PyObject_CallFunction((PyObject*)user_arg, "issss", action, arg1, arg2, dbname, access_attempt_source); + + if (!ret) { + if (_enable_callback_tracebacks) { + PyErr_Print(); + } else { + PyErr_Clear(); + } - rc = SQLITE_DENY; - } else { - if (PyLong_Check(ret)) { - rc = _PyLong_AsInt(ret); - if (rc == -1 && PyErr_Occurred()) - rc = SQLITE_DENY; - } else { rc = SQLITE_DENY; + } else { + if (PyLong_Check(ret)) { + rc = _PyLong_AsInt(ret); + if (rc == -1 && PyErr_Occurred()) + rc = SQLITE_DENY; + } else { + rc = SQLITE_DENY; + } + Py_DECREF(ret); } - Py_DECREF(ret); + } + else { + /* A previous call to the authorizer callback failed and raised an + exception: don't call the Python authorizer callback */ + rc = SQLITE_DENY; } #ifdef WITH_THREAD