Add check for encryption support (fix issue utelle#168)

Functions sqlite3_key_v2 and sqlite3_rekey_v2 now check whether the associated VFS supports encryption. If not, SQLITE_ERROR is returned.
Qriist · Jun 11, 2024 · 5208c16 · 5208c16
1 parent 4856e93
commit 5208c16
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/src/cipher_common.c b/src/cipher_common.c
@@ -415,7 +415,7 @@ sqlite3mcGetLegacyWriteCipher(Codec* codec)
 SQLITE_PRIVATE int
 sqlite3mcGetPageSizeReadCipher(Codec* codec)
 {
-  int pageSize = (codec->m_hasReadCipher  && codec->m_readCipher != NULL) ? globalCodecDescriptorTable[codec->m_readCipherType - 1].m_getPageSize(codec->m_readCipher) : 0;
+  int pageSize = (codec->m_hasReadCipher  && codec->m_readCipher != NULL) ? globalCodecDescriptorTable[codec->m_readCipherType - 1].m_getPageSize(codec->m_readCipher) : -1;
   return pageSize;
 }
 

diff --git a/src/codecext.c b/src/codecext.c
@@ -178,6 +178,9 @@ sqlite3mcGetMainCodec(sqlite3* db);
 SQLITE_PRIVATE void
 sqlite3mcSetCodec(sqlite3* db, const char* zDbName, const char* zFileName, Codec* codec);
 
+SQLITE_PRIVATE int
+sqlite3mcIsEncryptionSupported(sqlite3* db, const char* zDbName);
+
 static int
 mcAdjustBtree(Btree* pBt, int nPageSize, int nReserved, int isLegacy)
 {
@@ -336,6 +339,11 @@ SQLITE_API int
 sqlite3_key_v2(sqlite3* db, const char* zDbName, const void* zKey, int nKey)
 {
   int rc = SQLITE_ERROR;
+  if (!sqlite3mcIsEncryptionSupported(db, zDbName))
+  {
+    sqlite3ErrorWithMsg(db, rc, "Setting key failed. Encryption is not supported by the VFS.");
+    return rc;
+  }
   if (zKey != NULL && nKey < 0)
   {
     /* Key is zero-terminated string */
@@ -392,6 +400,11 @@ sqlite3_rekey_v2(sqlite3* db, const char* zDbName, const void* zKey, int nKey)
   int rc = SQLITE_ERROR;
   char* err = NULL;
 
+  if (!sqlite3mcIsEncryptionSupported(db, zDbName))
+  {
+    sqlite3ErrorWithMsg(db, rc, "Rekeying failed. Encryption is not supported by the VFS.");
+    return rc;
+  }
   if (zKey != NULL && nKey < 0)
   {
     /* Key is zero-terminated string */

diff --git a/src/sqlite3mc_vfs.c b/src/sqlite3mc_vfs.c
@@ -272,6 +272,16 @@ static sqlite3mc_vfs* mcFindVfs(sqlite3* db, const char* zDbName)
   return pVfsMC;
 }
 
+/*
+** Check whether the VFS of the database file corresponding
+** to the database schema name supports encryption.
+*/
+SQLITE_PRIVATE int sqlite3mcIsEncryptionSupported(sqlite3* db, const char* zDbName)
+{
+  sqlite3mc_vfs* pVfsMC = mcFindVfs(db, zDbName);
+  return (pVfsMC != NULL);
+}
+
 /*
 ** Find the codec of the database file
 ** corresponding to the database schema name.