Fix #50 and #51

If some of the cipher schemes are excluded from compilation, executing cipher-related pragmas could lead to crashes due to wrong indexing based on the numeric cipher ids. Numeric cipher ids are now handled correctly. Note: The default configuration with all cipher schemes enabled is not affected.
utelle · Oct 9, 2021 · e89ac7c · e89ac7c
1 parent 1351f06
commit e89ac7c
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 11 deletions.
diff --git a/src/cipher_common.c b/src/cipher_common.c
@@ -96,6 +96,7 @@ sqlite3mcCloneCodecParameterTable()
     {
       CipherParams* params = globalCodecParameterTable[j].m_params;
       cloneCodecParams[j].m_name = globalCodecParameterTable[j].m_name;
+      cloneCodecParams[j].m_id = globalCodecParameterTable[j].m_id;
       cloneCodecParams[j].m_params = &cloneCipherParams[offset];
       for (n = 0; strlen(params[n].m_name) > 0; ++n);
       /* Copy all parameters of the current table (including sentinel) */
@@ -110,6 +111,7 @@ sqlite3mcCloneCodecParameterTable()
       offset += (n + 1);
     }
     cloneCodecParams[nTables].m_name = globalCodecParameterTable[nTables].m_name;
+    cloneCodecParams[nTables].m_id = globalCodecParameterTable[nTables].m_id;
     cloneCodecParams[nTables].m_params = NULL;
   }
   else
@@ -193,8 +195,20 @@ sqlite3mcGetCipherType(sqlite3* db)
 SQLITE_PRIVATE CipherParams*
 sqlite3mcGetCipherParams(sqlite3* db, int cypherType)
 {
+  int j = 0;
   CodecParameter* codecParams = (db != NULL) ? sqlite3mcGetCodecParams(db) : globalCodecParameterTable;
-  CipherParams* cipherParamTable = (codecParams != NULL) ? codecParams[cypherType].m_params : globalCodecParameterTable[cypherType].m_params;
+  if (codecParams == NULL)
+  {
+    codecParams = globalCodecParameterTable;
+  }
+  if (cypherType > 0)
+  {
+    for (j = 1; codecParams[j].m_id > 0; ++j)
+    {
+      if (cypherType == codecParams[j].m_id) break;
+    }
+  }
+  CipherParams* cipherParamTable = codecParams[j].m_params;
   return cipherParamTable;
 }
 

diff --git a/src/cipher_config.c b/src/cipher_config.c
@@ -97,13 +97,23 @@ sqlite3mc_config(sqlite3* db, const char* paramName, int newValue)
     value = (hasDefaultPrefix) ? param->m_default : (hasMinPrefix) ? param->m_minValue : (hasMaxPrefix) ? param->m_maxValue : param->m_value;
     if (!hasMinPrefix && !hasMaxPrefix && newValue >= 0 && newValue >= param->m_minValue && newValue <= param->m_maxValue)
     {
-      /* Do not allow to change the default value for parameter "hmac_check" */
-      if (hasDefaultPrefix && (sqlite3_stricmp(paramName, "hmac_check") != 0))
+      int allowChange = 1;
+      /* Allow cipher change only if new cipher is actually available */
+      if (sqlite3_stricmp(paramName, "cipher") == 0)
       {
-        param->m_default = newValue;
+        allowChange = (codecDescriptorTable[newValue - 1] != &mcDummyDescriptor);
+      }
+
+      if (allowChange)
+      {
+        /* Do not allow to change the default value for parameter "hmac_check" */
+        if (hasDefaultPrefix && (sqlite3_stricmp(paramName, "hmac_check") != 0))
+        {
+          param->m_default = newValue;
+        }
+        param->m_value = newValue;
+        value = newValue;
       }
-      param->m_value = newValue;
-      value = newValue;
     }
     if (db != NULL)
     {
@@ -758,27 +768,29 @@ sqlite3mcFileControlPragma(sqlite3* db, const char* zDbName, int op, void* pArg)
     pragmaValue = ((char**) pArg)[2];
     if (sqlite3StrICmp(pragmaName, "cipher") == 0)
     {
-      int j = -1;
+      int cipherId = -1;
       if (pragmaValue != NULL)
       {
+        int j = 1;
         /* Try to locate the cipher name */
         for (j = 1; strlen(globalCodecParameterTable[j].m_name) > 0; ++j)
         {
           if (sqlite3_stricmp(pragmaValue, globalCodecParameterTable[j].m_name) == 0) break;
         }
+        cipherId = (strlen(globalCodecParameterTable[j].m_name) > 0) ? globalCodecParameterTable[j].m_id : CODEC_TYPE_UNKNOWN;
       }
 
-      /* j is the index of the cipher name, if found */
-      if ((j == -1) || (strlen(globalCodecParameterTable[j].m_name) > 0))
+      /* cipherId is the numeric id of the cipher name, if found */
+      if ((cipherId == -1) || (cipherId > 0 && cipherId <= CODEC_TYPE_MAX))
       {
         int value;
         if (configDefault)
         {
-          value = sqlite3mc_config(db, "default:cipher", j);
+          value = sqlite3mc_config(db, "default:cipher", cipherId);
         }
         else
         {
-          value = sqlite3mc_config(db, "cipher", j);
+          value = sqlite3mc_config(db, "cipher", cipherId);
         }
         rc = SQLITE_OK;
         ((char**)pArg)[0] = sqlite3_mprintf("%s", codecDescriptorTable[value - 1]->m_name);