Fix #50 and #51

utelle · utelle · commit e89ac7c9f7b9 · 2021-10-09T18:49:03.000+02:00
If some of the cipher schemes are excluded from compilation, executing cipher-related pragmas could lead to crashes due to wrong indexing based on the numeric cipher ids. Numeric cipher ids are now handled correctly.

Note: The default configuration with all cipher schemes enabled is not affected.
diff --git a/src/cipher_common.c b/src/cipher_common.c
@@ -96,6 +96,7 @@ sqlite3mcCloneCodecParameterTable()
     {
       CipherParams* params = globalCodecParameterTable[j].m_params;
       cloneCodecParams[j].m_name = globalCodecParameterTable[j].m_name;
+      cloneCodecParams[j].m_id = globalCodecParameterTable[j].m_id;
       cloneCodecParams[j].m_params = &cloneCipherParams[offset];
       for (n = 0; strlen(params[n].m_name) > 0; ++n);
       /* Copy all parameters of the current table (including sentinel) */
@@ -110,6 +111,7 @@ sqlite3mcCloneCodecParameterTable()
       offset += (n + 1);
     }
     cloneCodecParams[nTables].m_name = globalCodecParameterTable[nTables].m_name;
+    cloneCodecParams[nTables].m_id = globalCodecParameterTable[nTables].m_id;
     cloneCodecParams[nTables].m_params = NULL;
   }
   else
@@ -193,8 +195,20 @@ sqlite3mcGetCipherType(sqlite3* db)
 SQLITE_PRIVATE CipherParams*
 sqlite3mcGetCipherParams(sqlite3* db, int cypherType)
 {
+  int j = 0;
   CodecParameter* codecParams = (db != NULL) ? sqlite3mcGetCodecParams(db) : globalCodecParameterTable;
-  CipherParams* cipherParamTable = (codecParams != NULL) ? codecParams[cypherType].m_params : globalCodecParameterTable[cypherType].m_params;
+  if (codecParams == NULL)
+  {
+    codecParams = globalCodecParameterTable;
+  }
+  if (cypherType > 0)
+  {
+    for (j = 1; codecParams[j].m_id > 0; ++j)
+    {
+      if (cypherType == codecParams[j].m_id) break;
+    }
+  }
+  CipherParams* cipherParamTable = codecParams[j].m_params;
   return cipherParamTable;
 }
 
diff --git a/src/cipher_config.c b/src/cipher_config.c
@@ -97,13 +97,23 @@ sqlite3mc_config(sqlite3* db, const char* paramName, int newValue)
     value = (hasDefaultPrefix) ? param->m_default : (hasMinPrefix) ? param->m_minValue : (hasMaxPrefix) ? param->m_maxValue : param->m_value;
     if (!hasMinPrefix && !hasMaxPrefix && newValue >= 0 && newValue >= param->m_minValue && newValue <= param->m_maxValue)
     {
-      /* Do not allow to change the default value for parameter "hmac_check" */
-      if (hasDefaultPrefix && (sqlite3_stricmp(paramName, "hmac_check") != 0))
+      int allowChange = 1;
+      /* Allow cipher change only if new cipher is actually available */
+      if (sqlite3_stricmp(paramName, "cipher") == 0)
       {
-        param->m_default = newValue;
+        allowChange = (codecDescriptorTable[newValue - 1] != &mcDummyDescriptor);
+      }
+
+      if (allowChange)
+      {
+        /* Do not allow to change the default value for parameter "hmac_check" */
+        if (hasDefaultPrefix && (sqlite3_stricmp(paramName, "hmac_check") != 0))
+        {
+          param->m_default = newValue;
+        }
+        param->m_value = newValue;
+        value = newValue;
       }
-      param->m_value = newValue;
-      value = newValue;
     }
     if (db != NULL)
     {
@@ -758,27 +768,29 @@ sqlite3mcFileControlPragma(sqlite3* db, const char* zDbName, int op, void* pArg)
     pragmaValue = ((char**) pArg)[2];
     if (sqlite3StrICmp(pragmaName, "cipher") == 0)
     {
-      int j = -1;
+      int cipherId = -1;
       if (pragmaValue != NULL)
       {
+        int j = 1;
         /* Try to locate the cipher name */
         for (j = 1; strlen(globalCodecParameterTable[j].m_name) > 0; ++j)
         {
           if (sqlite3_stricmp(pragmaValue, globalCodecParameterTable[j].m_name) == 0) break;
         }
+        cipherId = (strlen(globalCodecParameterTable[j].m_name) > 0) ? globalCodecParameterTable[j].m_id : CODEC_TYPE_UNKNOWN;
       }
 
-      /* j is the index of the cipher name, if found */
-      if ((j == -1) || (strlen(globalCodecParameterTable[j].m_name) > 0))
+      /* cipherId is the numeric id of the cipher name, if found */
+      if ((cipherId == -1) || (cipherId > 0 && cipherId <= CODEC_TYPE_MAX))
       {
         int value;
         if (configDefault)
         {
-          value = sqlite3mc_config(db, "default:cipher", j);
+          value = sqlite3mc_config(db, "default:cipher", cipherId);
         }
         else
         {
-          value = sqlite3mc_config(db, "cipher", j);
+          value = sqlite3mc_config(db, "cipher", cipherId);
         }
         rc = SQLITE_OK;
         ((char**)pArg)[0] = sqlite3_mprintf("%s", codecDescriptorTable[value - 1]->m_name);

Original file line number	Diff line number	Diff line change
`@@ -97,13 +97,23 @@ sqlite3mc_config(sqlite3* db, const char* paramName, int newValue)`
`97`	`97`	`value = (hasDefaultPrefix) ? param->m_default : (hasMinPrefix) ? param->m_minValue : (hasMaxPrefix) ? param->m_maxValue : param->m_value;`
`98`	`98`	`if (!hasMinPrefix && !hasMaxPrefix && newValue >= 0 && newValue >= param->m_minValue && newValue <= param->m_maxValue)`
`99`	`99`	`{`
`100`		`- /* Do not allow to change the default value for parameter "hmac_check" */`
`101`		`- if (hasDefaultPrefix && (sqlite3_stricmp(paramName, "hmac_check") != 0))`
	`100`	`+ int allowChange = 1;`
	`101`	`+ /* Allow cipher change only if new cipher is actually available */`
	`102`	`+ if (sqlite3_stricmp(paramName, "cipher") == 0)`
`102`	`103`	`{`
`103`		`- param->m_default = newValue;`
	`104`	`+ allowChange = (codecDescriptorTable[newValue - 1] != &mcDummyDescriptor);`
	`105`	`+ }`
	`106`	`+`
	`107`	`+ if (allowChange)`
	`108`	`+ {`
	`109`	`+ /* Do not allow to change the default value for parameter "hmac_check" */`
	`110`	`+ if (hasDefaultPrefix && (sqlite3_stricmp(paramName, "hmac_check") != 0))`
	`111`	`+ {`
	`112`	`+ param->m_default = newValue;`
	`113`	`+ }`
	`114`	`+ param->m_value = newValue;`
	`115`	`+ value = newValue;`
`104`	`116`	`}`
`105`		`- param->m_value = newValue;`
`106`		`- value = newValue;`
`107`	`117`	`}`
`108`	`118`	`if (db != NULL)`
`109`	`119`	`{`
`@@ -758,27 +768,29 @@ sqlite3mcFileControlPragma(sqlite3* db, const char* zDbName, int op, void* pArg)`
`758`	`768`	`pragmaValue = ((char**) pArg)[2];`
`759`	`769`	`if (sqlite3StrICmp(pragmaName, "cipher") == 0)`
`760`	`770`	`{`
`761`		`- int j = -1;`
	`771`	`+ int cipherId = -1;`
`762`	`772`	`if (pragmaValue != NULL)`
`763`	`773`	`{`
	`774`	`+ int j = 1;`
`764`	`775`	`/* Try to locate the cipher name */`
`765`	`776`	`for (j = 1; strlen(globalCodecParameterTable[j].m_name) > 0; ++j)`
`766`	`777`	`{`
`767`	`778`	`if (sqlite3_stricmp(pragmaValue, globalCodecParameterTable[j].m_name) == 0) break;`
`768`	`779`	`}`
	`780`	`+ cipherId = (strlen(globalCodecParameterTable[j].m_name) > 0) ? globalCodecParameterTable[j].m_id : CODEC_TYPE_UNKNOWN;`
`769`	`781`	`}`
`770`	`782`
`771`		`- /* j is the index of the cipher name, if found */`
`772`		`- if ((j == -1) \|\| (strlen(globalCodecParameterTable[j].m_name) > 0))`
	`783`	`+ /* cipherId is the numeric id of the cipher name, if found */`
	`784`	`+ if ((cipherId == -1) \|\| (cipherId > 0 && cipherId <= CODEC_TYPE_MAX))`
`773`	`785`	`{`
`774`	`786`	`int value;`
`775`	`787`	`if (configDefault)`
`776`	`788`	`{`
`777`		`- value = sqlite3mc_config(db, "default:cipher", j);`
	`789`	`+ value = sqlite3mc_config(db, "default:cipher", cipherId);`
`778`	`790`	`}`
`779`	`791`	`else`
`780`	`792`	`{`
`781`		`- value = sqlite3mc_config(db, "cipher", j);`
	`793`	`+ value = sqlite3mc_config(db, "cipher", cipherId);`
`782`	`794`	`}`
`783`	`795`	`rc = SQLITE_OK;`
`784`	`796`	`((char**)pArg)[0] = sqlite3_mprintf("%s", codecDescriptorTable[value - 1]->m_name);`