Support pragma_migrate with keys containing non-terminating zero bytes

sjlombardo · sjlombardo · commit b7c53c8d29e1 · 2019-05-29T11:49:17.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@ All notable changes to this project will be documented in this file.
 ## [4.2.0] - (May 2019 - [4.2.0 changes])
 - Adds PRAGMA cipher_integrity_check to perform independent verification of page HMACs
 - Updates baseline to upstream SQLite 3.28.0
+- Improves PRAGMA cipher_migrate to handle keys containing non-terminating zero bytes
 
 ## [4.1.0] - (March 2019 - [4.1.0 changes])
 - Defer reading salt from header until key derivation is triggered
diff --git a/src/crypto_impl.c b/src/crypto_impl.c
@@ -1334,7 +1334,6 @@ int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
   const char *db_filename = sqlite3_db_filename(db, "main");
   char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
   Btree *pDest = NULL, *pSrc = NULL;
-  const char* commands[5];
   sqlite3_file *srcfile, *destfile;
 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
   LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
@@ -1381,23 +1380,46 @@ int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
   memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
   sqlcipher_free(temp, sqlite3Strlen30(temp));
 
-  attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate KEY '%q';", migrated_db_filename, pass); 
+  attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass); 
   set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
 
-  commands[0] = pragma_compat;
-  commands[1] = "PRAGMA journal_mode = delete;"; /* force journal mode to DELETE, we will set it back later if different */
-  commands[2] = attach_command;
-  commands[3] = "SELECT sqlcipher_export('migrate');";
-  commands[4] = set_user_version;
-
-  for(i = 0; i < ArraySize(commands); i++){
-    rc = sqlite3_exec(db, commands[i], NULL, NULL, NULL);
-    if(rc != SQLITE_OK){
-      CODEC_TRACE("migration step %d failed error code %d\n", i, rc);
-      goto handle_error;
-    }
+  rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
+  if(rc != SQLITE_OK){
+    CODEC_TRACE("set compatibility mode failed, error code %d\n", rc);
+    goto handle_error;
   }
-    
+
+  /* force journal mode to DELETE, we will set it back later if different */
+  rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
+  if(rc != SQLITE_OK){
+    CODEC_TRACE("force journal mode DELETE failed, error code %d\n", rc);
+    goto handle_error;
+  }
+
+  rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
+  if(rc != SQLITE_OK){
+    CODEC_TRACE("attach failed, error code %d\n", rc);
+    goto handle_error;
+  }
+
+  rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
+  if(rc != SQLITE_OK){
+    CODEC_TRACE("keying attached database failed, error code %d\n", rc);
+    goto handle_error;
+  }
+
+  rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
+  if(rc != SQLITE_OK){
+    CODEC_TRACE("sqlcipher_export failed, error code %d\n", rc);
+    goto handle_error;
+  }
+
+  rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
+  if(rc != SQLITE_OK){
+    CODEC_TRACE("set user version failed, error code %d\n", rc);
+    goto handle_error;
+  }
+
   if( !db->autoCommit ){
     CODEC_TRACE("cannot migrate from within a transaction");
     goto handle_error;
