Prevent segfault when invalid cipher name provided, identified by Nicholas Starke

developernotes · developernotes · commit c14afcf742ac · 2015-04-16T08:57:29.000-05:00
diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
@@ -186,8 +186,11 @@ static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int
 
 static int sqlcipher_openssl_set_cipher(void *ctx, const char *cipher_name) {
   openssl_ctx *o_ctx = (openssl_ctx *)ctx;
-  o_ctx->evp_cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
-  return SQLITE_OK;
+  EVP_CIPHER* cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
+  if(cipher != NULL) {
+    o_ctx->evp_cipher = cipher;
+  }
+  return cipher != NULL ? SQLITE_OK : SQLITE_ERROR;
 }
 
 static const char* sqlcipher_openssl_get_cipher(void *ctx) {
diff --git a/test/crypto.test b/test/crypto.test
@@ -1922,6 +1922,18 @@ do_test verify-pragma-cipher-page-size-changed {
 db close
 file delete -force test.db
 
+# verify invalid cipher does not cause segfault
+if_built_with_openssl verify-invalid-cipher-does_not_segfault {
+    sqlite_orig db test.db
+    execsql {
+        PRAGMA key = 'test';
+        PRAGMA cipher = 'junk';
+        PRAGMA cipher;
+    }
+} {AES-256-CBC}
+db close
+file delete -force test.db
+
 # verify the pragma cipher
 # reports the default value
 if_built_with_openssl verify-pragma-cipher-default {
