Fix retrieval of config parameter table (#90)

If some of the builtin cipher schemes are omitted, the retrieval of the cipher configuration parameter table can return an invalid pointer, leading to a crash on activating encryption for a database connection.
utelle · Sep 8, 2022 · 1be5782 · 1be5782
1 parent 4a1f4f8
commit 1be5782
Show file tree

Hide file tree

Showing 10 changed files with 87 additions and 66 deletions.
diff --git a/configure.ac b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (C) 2019-2022 Ulrich Telle <ulrich@telle-online.de>
 dnl
 dnl This file is covered by the same licence as the entire SQLite3 Multiple Ciphers package.
 
-AC_INIT([sqlite3mc], [1.5.1], [ulrich@telle-online.de])
+AC_INIT([sqlite3mc], [1.5.2], [ulrich@telle-online.de])
 
 dnl This is the version tested with, might work with earlier ones.
 AC_PREREQ([2.69])

diff --git a/readme.md b/readme.md
@@ -10,6 +10,9 @@ The code was mainly developed under Windows, but was tested under Linux as well.
 
 ## Version history
 
+* 1.5.2 - *September 2022*
+  - Based on SQLite version 3.39.3
+  - Fixed retrieval of configuration parameter table
 * 1.5.1 - *September 2022*
   - Based on SQLite version 3.39.3
   - Fixed a bug in shutdown code

diff --git a/src/cipher_chacha20.c b/src/cipher_chacha20.c
@@ -12,6 +12,8 @@
 /* --- ChaCha20-Poly1305 cipher (plus sqleet variant) --- */
 #if HAVE_CIPHER_CHACHA20
 
+#define CIPHER_NAME_CHACHA20 "chacha20"
+
 /*
 ** Configuration parameters for "chacha20"
 **
@@ -68,7 +70,7 @@ AllocateChaCha20Cipher(sqlite3* db)
   }
   if (chacha20Cipher != NULL)
   {
-    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CODEC_TYPE_CHACHA20);
+    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CIPHER_NAME_CHACHA20);
     chacha20Cipher->m_legacy = sqlite3mcGetCipherParameter(cipherParams, "legacy");
     chacha20Cipher->m_legacyPageSize = sqlite3mcGetCipherParameter(cipherParams, "legacy_page_size");
     chacha20Cipher->m_kdfIter = sqlite3mcGetCipherParameter(cipherParams, "kdf_iter");
@@ -364,15 +366,16 @@ DecryptPageChaCha20Cipher(void* cipher, int page, unsigned char* data, int len,
 
 SQLITE_PRIVATE const CipherDescriptor mcChaCha20Descriptor =
 {
-  "chacha20",  AllocateChaCha20Cipher,
-               FreeChaCha20Cipher,
-               CloneChaCha20Cipher,
-               GetLegacyChaCha20Cipher,
-               GetPageSizeChaCha20Cipher,
-               GetReservedChaCha20Cipher,
-               GetSaltChaCha20Cipher,
-               GenerateKeyChaCha20Cipher,
-               EncryptPageChaCha20Cipher,
-               DecryptPageChaCha20Cipher
+  CIPHER_NAME_CHACHA20,
+  AllocateChaCha20Cipher,
+  FreeChaCha20Cipher,
+  CloneChaCha20Cipher,
+  GetLegacyChaCha20Cipher,
+  GetPageSizeChaCha20Cipher,
+  GetReservedChaCha20Cipher,
+  GetSaltChaCha20Cipher,
+  GenerateKeyChaCha20Cipher,
+  EncryptPageChaCha20Cipher,
+  DecryptPageChaCha20Cipher
 };
 #endif
diff --git a/src/cipher_common.c b/src/cipher_common.c
@@ -29,8 +29,10 @@ static CipherParams commonParams[] =
   CIPHER_PARAMS_SENTINEL
 };
 
-static CodecParameter globalCommonParams   = { "global", CODEC_TYPE_UNKNOWN, commonParams };
-static CodecParameter globalSentinelParams = { "",       CODEC_TYPE_UNKNOWN, NULL };
+#define CIPHER_NAME_GLOBAL "global"
+
+static CodecParameter globalCommonParams   = { CIPHER_NAME_GLOBAL, CODEC_TYPE_UNKNOWN, commonParams };
+static CodecParameter globalSentinelParams = { "",                 CODEC_TYPE_UNKNOWN, NULL };
 
 SQLITE_PRIVATE int
 sqlite3mcGetCipherParameter(CipherParams* cipherParams, const char* paramName)
@@ -157,19 +159,20 @@ sqlite3mcGetCipherType(sqlite3* db)
 }
 
 SQLITE_PRIVATE CipherParams*
-sqlite3mcGetCipherParams(sqlite3* db, int cypherType)
+sqlite3mcGetCipherParams(sqlite3* db, const char* cipherName)
 {
   int j = 0;
+  int cipherType = sqlite3mc_cipher_index(cipherName);
   CodecParameter* codecParams = (db != NULL) ? sqlite3mcGetCodecParams(db) : globalCodecParameterTable;
   if (codecParams == NULL)
   {
     codecParams = globalCodecParameterTable;
   }
-  if (cypherType > 0)
+  if (cipherType > 0)
   {
     for (j = 1; codecParams[j].m_id > 0; ++j)
     {
-      if (cypherType == codecParams[j].m_id) break;
+      if (cipherType == codecParams[j].m_id) break;
     }
   }
   CipherParams* cipherParamTable = codecParams[j].m_params;
@@ -241,7 +244,7 @@ SQLITE_PRIVATE int
 sqlite3mcCodecSetup(Codec* codec, int cipherType, char* userPassword, int passwordLength)
 {
   int rc = SQLITE_OK;
-  CipherParams* globalParams = sqlite3mcGetCipherParams(codec->m_db, 0);
+  CipherParams* globalParams = sqlite3mcGetCipherParams(codec->m_db, CIPHER_NAME_GLOBAL);
   codec->m_isEncrypted = 1;
   codec->m_hmacCheck = sqlite3mcGetCipherParameter(globalParams, "hmac_check");
   codec->m_walLegacy = sqlite3mcGetCipherParameter(globalParams, "mc_legacy_wal");
@@ -266,7 +269,7 @@ SQLITE_PRIVATE int
 sqlite3mcSetupWriteCipher(Codec* codec, int cipherType, char* userPassword, int passwordLength)
 {
   int rc = SQLITE_OK;
-  CipherParams* globalParams = sqlite3mcGetCipherParams(codec->m_db, 0);
+  CipherParams* globalParams = sqlite3mcGetCipherParams(codec->m_db, CIPHER_NAME_GLOBAL);
   if (codec->m_writeCipher != NULL)
   {
     globalCodecDescriptorTable[codec->m_writeCipherType-1].m_freeCipher(codec->m_writeCipher);

diff --git a/src/cipher_common.h b/src/cipher_common.h
@@ -98,7 +98,7 @@ SQLITE_PRIVATE int sqlite3mcGetCipherParameter(CipherParams* cipherParams, const
 
 SQLITE_PRIVATE int sqlite3mcGetCipherType(sqlite3* db);
 
-SQLITE_PRIVATE CipherParams* sqlite3mcGetCipherParams(sqlite3* db, int cypherType);
+SQLITE_PRIVATE CipherParams* sqlite3mcGetCipherParams(sqlite3* db, const char* cipherName);
 
 SQLITE_PRIVATE int sqlite3mcCodecInit(Codec* codec);
 

diff --git a/src/cipher_sds_rc4.c b/src/cipher_sds_rc4.c
@@ -12,6 +12,8 @@
 /* --- RC4 cipher (System.Data.SQLite) --- */
 #if HAVE_CIPHER_RC4
 
+#define CIPHER_NAME_RC4 "rc4"
+
 /*
 ** Configuration parameters for "rc4"
 **
@@ -52,7 +54,7 @@ AllocateRC4Cipher(sqlite3* db)
   }
   if (rc4Cipher != NULL)
   {
-    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CODEC_TYPE_RC4);
+    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CIPHER_NAME_RC4);
     rc4Cipher->m_legacy = sqlite3mcGetCipherParameter(cipherParams, "legacy");
     rc4Cipher->m_legacyPageSize = sqlite3mcGetCipherParameter(cipherParams, "legacy_page_size");
   }
@@ -155,15 +157,16 @@ DecryptPageRC4Cipher(void* cipher, int page, unsigned char* data, int len, int r
 
 SQLITE_PRIVATE const CipherDescriptor mcRC4Descriptor =
 {
-  "rc4",       AllocateRC4Cipher,
-               FreeRC4Cipher,
-               CloneRC4Cipher,
-               GetLegacyRC4Cipher,
-               GetPageSizeRC4Cipher,
-               GetReservedRC4Cipher,
-               GetSaltRC4Cipher,
-               GenerateKeyRC4Cipher,
-               EncryptPageRC4Cipher,
-               DecryptPageRC4Cipher
+  CIPHER_NAME_RC4,
+  AllocateRC4Cipher,
+  FreeRC4Cipher,
+  CloneRC4Cipher,
+  GetLegacyRC4Cipher,
+  GetPageSizeRC4Cipher,
+  GetReservedRC4Cipher,
+  GetSaltRC4Cipher,
+  GenerateKeyRC4Cipher,
+  EncryptPageRC4Cipher,
+  DecryptPageRC4Cipher
 };
 #endif
diff --git a/src/cipher_sqlcipher.c b/src/cipher_sqlcipher.c
@@ -12,6 +12,8 @@
 /* --- SQLCipher AES256CBC-HMAC cipher --- */
 #if HAVE_CIPHER_SQLCIPHER
 
+#define CIPHER_NAME_SQLCIPHER "sqlcipher"
+
 /*
 ** Configuration parameters for "sqlcipher"
 **
@@ -127,7 +129,7 @@ AllocateSQLCipherCipher(sqlite3* db)
   }
   if (sqlCipherCipher != NULL)
   {
-    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CODEC_TYPE_SQLCIPHER);
+    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CIPHER_NAME_SQLCIPHER);
     sqlCipherCipher->m_legacy = sqlite3mcGetCipherParameter(cipherParams, "legacy");
     sqlCipherCipher->m_legacyPageSize = sqlite3mcGetCipherParameter(cipherParams, "legacy_page_size");
     sqlCipherCipher->m_kdfIter = sqlite3mcGetCipherParameter(cipherParams, "kdf_iter");
@@ -500,15 +502,16 @@ DecryptPageSQLCipherCipher(void* cipher, int page, unsigned char* data, int len,
 }
 SQLITE_PRIVATE const CipherDescriptor mcSQLCipherDescriptor =
 {
-  "sqlcipher", AllocateSQLCipherCipher,
-               FreeSQLCipherCipher,
-               CloneSQLCipherCipher,
-               GetLegacySQLCipherCipher,
-               GetPageSizeSQLCipherCipher,
-               GetReservedSQLCipherCipher,
-               GetSaltSQLCipherCipher,
-               GenerateKeySQLCipherCipher,
-               EncryptPageSQLCipherCipher,
-               DecryptPageSQLCipherCipher
+  CIPHER_NAME_SQLCIPHER,
+  AllocateSQLCipherCipher,
+  FreeSQLCipherCipher,
+  CloneSQLCipherCipher,
+  GetLegacySQLCipherCipher,
+  GetPageSizeSQLCipherCipher,
+  GetReservedSQLCipherCipher,
+  GetSaltSQLCipherCipher,
+  GenerateKeySQLCipherCipher,
+  EncryptPageSQLCipherCipher,
+  DecryptPageSQLCipherCipher
 };
 #endif
diff --git a/src/cipher_wxaes128.c b/src/cipher_wxaes128.c
@@ -12,6 +12,8 @@
 /* --- AES 128-bit cipher (wxSQLite3) --- */
 #if HAVE_CIPHER_AES_128_CBC
 
+#define CIPHER_NAME_AES128 "aes128cbc"
+
 /*
 ** Configuration parameters for "aes128cbc"
 **
@@ -62,7 +64,7 @@ AllocateAES128Cipher(sqlite3* db)
   }
   if (aesCipher != NULL)
   {
-    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CODEC_TYPE_AES128);
+    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CIPHER_NAME_AES128);
     aesCipher->m_legacy = sqlite3mcGetCipherParameter(cipherParams, "legacy");
     aesCipher->m_legacyPageSize = sqlite3mcGetCipherParameter(cipherParams, "legacy_page_size");
   }
@@ -266,15 +268,16 @@ DecryptPageAES128Cipher(void* cipher, int page, unsigned char* data, int len, in
 
 SQLITE_PRIVATE const CipherDescriptor mcAES128Descriptor =
 {
- "aes128cbc", AllocateAES128Cipher,
-              FreeAES128Cipher,
-              CloneAES128Cipher,
-              GetLegacyAES128Cipher,
-              GetPageSizeAES128Cipher,
-              GetReservedAES128Cipher,
-              GetSaltAES128Cipher,
-              GenerateKeyAES128Cipher,
-              EncryptPageAES128Cipher,
-              DecryptPageAES128Cipher
+  CIPHER_NAME_AES128,
+  AllocateAES128Cipher,
+  FreeAES128Cipher,
+  CloneAES128Cipher,
+  GetLegacyAES128Cipher,
+  GetPageSizeAES128Cipher,
+  GetReservedAES128Cipher,
+  GetSaltAES128Cipher,
+  GenerateKeyAES128Cipher,
+  EncryptPageAES128Cipher,
+  DecryptPageAES128Cipher
 };
 #endif
diff --git a/src/cipher_wxaes256.c b/src/cipher_wxaes256.c
@@ -12,6 +12,8 @@
 /* --- AES 256-bit cipher (wxSQLite3) --- */
 #if HAVE_CIPHER_AES_256_CBC
 
+#define CIPHER_NAME_AES256 "aes256cbc"
+
 /*
 ** Configuration parameters for "aes256cbc"
 **
@@ -66,7 +68,7 @@ AllocateAES256Cipher(sqlite3* db)
   }
   if (aesCipher != NULL)
   {
-    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CODEC_TYPE_AES256);
+    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CIPHER_NAME_AES256);
     aesCipher->m_legacy = sqlite3mcGetCipherParameter(cipherParams, "legacy");
     aesCipher->m_legacyPageSize = sqlite3mcGetCipherParameter(cipherParams, "legacy_page_size");
     aesCipher->m_kdfIter = sqlite3mcGetCipherParameter(cipherParams, "kdf_iter");
@@ -234,15 +236,16 @@ DecryptPageAES256Cipher(void* cipher, int page, unsigned char* data, int len, in
 
 SQLITE_PRIVATE const CipherDescriptor mcAES256Descriptor =
 {
-  "aes256cbc", AllocateAES256Cipher,
-               FreeAES256Cipher,
-               CloneAES256Cipher,
-               GetLegacyAES256Cipher,
-               GetPageSizeAES256Cipher,
-               GetReservedAES256Cipher,
-               GetSaltAES256Cipher,
-               GenerateKeyAES256Cipher,
-               EncryptPageAES256Cipher,
-               DecryptPageAES256Cipher
+  CIPHER_NAME_AES256,
+  AllocateAES256Cipher,
+  FreeAES256Cipher,
+  CloneAES256Cipher,
+  GetLegacyAES256Cipher,
+  GetPageSizeAES256Cipher,
+  GetReservedAES256Cipher,
+  GetSaltAES256Cipher,
+  GenerateKeyAES256Cipher,
+  EncryptPageAES256Cipher,
+  DecryptPageAES256Cipher
 };
 #endif
diff --git a/src/sqlite3mc_version.h b/src/sqlite3mc_version.h
@@ -14,8 +14,8 @@
 
 #define SQLITE3MC_VERSION_MAJOR      1
 #define SQLITE3MC_VERSION_MINOR      5
-#define SQLITE3MC_VERSION_RELEASE    1
+#define SQLITE3MC_VERSION_RELEASE    2
 #define SQLITE3MC_VERSION_SUBRELEASE 0
-#define SQLITE3MC_VERSION_STRING     "SQLite3 Multiple Ciphers 1.5.1"
+#define SQLITE3MC_VERSION_STRING     "SQLite3 Multiple Ciphers 1.5.2"
 
 #endif /* SQLITE3MC_VERSION_H_ */