sqlite3_key crashes with a NULL pointer (with #DEFINEs) #90

Closed
anperch opened this issue Sep 8, 2022 · 3 comments

anperch commented Sep 8, 2022

Hi,

I have used this #define configuration in my applications till now.

HAVE_CIPHER_AES_128_CBC=0
HAVE_CIPHER_AES_256_CBC=0
HAVE_CIPHER_SQLCIPHER=0
HAVE_CIPHER_RC4=0
HAVE_CIPHER_CHACHA20=1
CODEC_TYPE=CODEC_TYPE_CHACHA20

With 1.5.1, sqlite3_key crashes with a NULL pointer (both VS22 and gcc).

Call stack:

.exe!sqlite3mcGetCipherParameter(_CipherParams * cipherParams, const char * paramName) Line 39 C
.exe!AllocateChaCha20Cipher(sqlite3 * db) Line 73 C
.exe!sqlite3mcCodecSetup(_Codec * codec, int cipherType, char * userPassword, int passwordLength) Line 251 C
.exe!sqlite3mcCodecAttach(sqlite3 * db, int nDb, const char * zKey, const void * nKey, int) Line 280 C
.exe!sqlite3_key_v2(sqlite3 * db, const char * zDbName, const void * zKey, int nKey) Line 359 C

At some point, sqlite3mcGetCipherParams returns a NULL cipherParams pointer that is passed to sqlite3mcGetCipherParameter.

static void*
AllocateChaCha20Cipher(sqlite3* db)
{
  ChaCha20Cipher* chacha20Cipher = (ChaCha20Cipher*) sqlite3_malloc(sizeof(ChaCha20Cipher));
  if (chacha20Cipher != NULL)
  {
    memset(chacha20Cipher, 0, sizeof(ChaCha20Cipher));
    chacha20Cipher->m_keyLength = KEYLENGTH_CHACHA20;
    memset(chacha20Cipher->m_key, 0, KEYLENGTH_CHACHA20);
    memset(chacha20Cipher->m_salt, 0, SALTLENGTH_CHACHA20);
  }
  if (chacha20Cipher != NULL)
  {
    CipherParams* cipherParams = sqlite3mcGetCipherParams(db, CODEC_TYPE_CHACHA20); /* <<<<========= cipherParams is NULL at some point */
    chacha20Cipher->m_legacy = sqlite3mcGetCipherParameter(cipherParams, "legacy"); /* <<<<========= cipherParams used without a NULL check */
    chacha20Cipher->m_legacyPageSize = sqlite3mcGetCipherParameter(cipherParams, "legacy_page_size");
    chacha20Cipher->m_kdfIter = sqlite3mcGetCipherParameter(cipherParams, "kdf_iter");
    if (chacha20Cipher->m_legacy != 0)
    {
      chacha20Cipher->m_kdfIter = SQLEET_KDF_ITER;
    }
  }
  return chacha20Cipher;
}

  • Without the #defines everything is ok (both VS22 and gcc).

Can you reproduce?

utelle (Owner) commented Sep 8, 2022

Thanks for reporting. I will take a closer look later today. Most likely I forgot to adjust the code for configuration parameter retrieval to the new cipher scheme registration approach.

utelle added a commit that referenced this issue Sep 8, 2022
If some of the builtin cipher schemes are omitted, the retrieval of the cipher configuration parameter table can return an invalid pointer, leading to a crash on activating encryption for a database connection.

utelle (Owner) commented Sep 8, 2022

Commit 1be5782 should fix the issue.

anperch (Author) commented Sep 8, 2022

It seems ok, no more crash.
Thanks!

@anperch anperch closed this as completed Sep 8, 2022
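
The failure mode in this thread (a parameter-table lookup that stops being valid once some builtin cipher schemes are compiled out, followed by an unchecked use of the result) can be modelled in a few lines of C. This is an added example, not sqlite3mc code and not the change made in commit 1be5782; every name, id and parameter value is constructed, and the index-based lookup is an assumed illustration of how such a table can go stale.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model: cipher ids are fixed, but only schemes enabled at
   build time get a slot in the parameter registry. */
enum { CIPHER_AES128 = 1, CIPHER_AES256, CIPHER_CHACHA20, CIPHER_SQLCIPHER };

typedef struct { const char *name; int value; } Param;
typedef struct { int cipherId; const Param *params; } ParamTable;

/* Constructed values; the NULL name terminates the list. */
static const Param chachaParams[] = {
    { "legacy", 0 }, { "legacy_page_size", 4096 }, { "kdf_iter", 1000 }, { NULL, 0 }
};
/* Constructed build with only ChaCha20 compiled in, as in the report. */
static const ParamTable registry[] = { { CIPHER_CHACHA20, chachaParams } };
static const size_t registryCount = sizeof registry / sizeof registry[0];

/* Fragile: treats the id as an array position, which only holds when every
   builtin scheme is present. Bounds-checked here so the demo stays defined;
   without the check this reads past the array. */
static const Param *params_by_index(int cipherId) {
    size_t slot = (size_t)cipherId - 1;
    return slot < registryCount ? registry[slot].params : NULL;
}

/* Robust: search by id, independent of how many schemes were compiled in. */
static const Param *params_by_id(int cipherId) {
    for (size_t i = 0; i < registryCount; ++i)
        if (registry[i].cipherId == cipherId) return registry[i].params;
    return NULL;
}

/* Getter that rejects a missing table or unknown name instead of
   dereferencing it: 0 on success, -1 otherwise (*out left untouched). */
static int get_param(const Param *params, const char *name, int *out) {
    if (params == NULL || name == NULL || out == NULL) return -1;
    for (; params->name != NULL; ++params)
        if (strcmp(params->name, name) == 0) { *out = params->value; return 0; }
    return -1;
}

int main(void) {
    int iter = 0;
    if (get_param(params_by_id(CIPHER_CHACHA20), "kdf_iter", &iter) == 0)
        printf("by id: kdf_iter=%d\n", iter);
    if (get_param(params_by_index(CIPHER_CHACHA20), "kdf_iter", &iter) != 0)
        printf("by index: no table for ChaCha20, getter refused it\n");
    return 0;
}
```

In this model the index-based lookup also hands back the ChaCha20 table when asked for `CIPHER_AES128`, so a stale index can misconfigure a cipher silently as well as crash.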