leapcode / pysqlcipher

Python bindings for SQLCipher
https://leap.se

Seg Fault in libcrypto.so.1.0.0 #18

Open minorsecond opened 9 years ago

minorsecond commented 9 years ago

I apologize if this issue is with SQLCipher or OpenSSL vs. pysqlcipher...

When attempting to query a table, libcrypto.so.1.0.0 segfaults. Stack trace is here. I haven't really been able to find any info as to what's causing this issue but it looks like something malformed may be being passed to EVP_CIPHER_key_length ().

kalikaneko commented 9 years ago

Interesting, maybe some kind of validation might be in order. Do you have a minimal example able to reproduce this?

minorsecond commented 9 years ago

I've got a gist I put up when asking someone else. I can create a DB and post it if necessary. Note that when running with encryption enabled, the code creates a plaintext DB (can hexdump and read columns) with no row entries.

minorsecond commented 9 years ago

Pysqlcipher seems to work when running it without sqlalchemy, so I believe sqlalchemy is doing something with the key that pysqlcipher doesn't like. Do you know of any formatting or type issues that could throw an error?

kalikaneko commented 9 years ago

Hmm, it seems that what's producing the segfault is setting the cipher pragma. If you don't set cipher using sqlalchemy it doesn't segfault.

This snippet reproduces the crash:

```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pysqlcipher import dbapi2 as sqlite

conn = sqlite.connect('test.db')
c = conn.cursor()
# Set the database key.
c.execute("PRAGMA key='test'")

print("Setting cipher pragma")
# Setting the cipher pragma to this value reproduces the crash.
c.execute("PRAGMA cipher='breakme'")
```

It looks like EVP_CIPHER_key_length () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 is indeed receiving malformed input. I'd try to recreate the segfault using libsqlcipher and ping upstream sqlcipher devs.
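An added example, not code from pysqlcipher or from anyone in this thread: one way an application could do the validation suggested above, by refusing any cipher name outside an allowlist before the pragma is sent to the native library. The allowlist contents, the `checked_cipher` and `configure` helpers and the `RecordingCursor` stand-in are assumptions made for illustration.

```python
# Assumption: the ciphers this application is willing to use. This is an
# illustrative allowlist, not a list taken from pysqlcipher or SQLCipher.
ALLOWED_CIPHERS = frozenset({"aes-256-cbc", "aes-128-cbc"})


def checked_cipher(name):
    """Return the normalized cipher name, or raise ValueError."""
    if not isinstance(name, str):
        raise ValueError("cipher name must be a string")
    norm = name.strip().lower()
    if norm not in ALLOWED_CIPHERS:
        raise ValueError("unsupported cipher: %r" % (name,))
    return norm


def configure(cursor, key, cipher=None):
    """Issue PRAGMA key, then PRAGMA cipher only for a vetted name."""
    # Validate first so nothing is sent when the cipher is rejected.
    vetted = checked_cipher(cipher) if cipher is not None else None
    # PRAGMA values cannot be bound as parameters, so double any quote.
    cursor.execute("PRAGMA key='%s'" % key.replace("'", "''"))
    if vetted is not None:
        cursor.execute("PRAGMA cipher='%s'" % vetted)


class RecordingCursor(object):
    """Constructed stand-in for a pysqlcipher cursor; records statements."""

    def __init__(self):
        self.statements = []

    def execute(self, sql):
        self.statements.append(sql)


def demo():
    ok, bad = RecordingCursor(), RecordingCursor()
    configure(ok, "test", "AES-256-CBC")
    try:
        configure(bad, "test", "breakme")  # the value from the snippet above
        rejected = False
    except ValueError:
        rejected = True
    return ok.statements, bad.statements, rejected


if __name__ == "__main__":
    print(demo())
```

With a real pysqlcipher cursor in place of `RecordingCursor`, the rejected name raises `ValueError` in Python and no `PRAGMA cipher` statement is executed.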