disable memory security feature by default; once it is turned on it can't be turned off

sjlombardo · sjlombardo · commit 07ca482e4e67 · 2021-09-08T10:26:36.000-04:00
diff --git a/src/crypto_impl.c b/src/crypto_impl.c
@@ -51,7 +51,7 @@ static volatile int default_page_size = 4096;
 static volatile int default_plaintext_header_sz = 0;
 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
-static volatile int mem_security_on = 1;
+static volatile int mem_security_on = 0;
 static volatile int mem_security_initialized = 0;
 static volatile int mem_security_activated = 0;
 static volatile unsigned int sqlcipher_activate_count = 0;
@@ -836,8 +836,11 @@ int sqlcipher_get_default_pagesize() {
 }
 
 void sqlcipher_set_mem_security(int on) {
-  mem_security_on = on;
-  mem_security_activated = 0;
+  /* memory security can only be enabled, not disabled */
+  if(on) {
+    mem_security_on = on;
+    mem_security_activated = 0;
+  }
 }
 
 int sqlcipher_get_mem_security() {
diff --git a/test/sqlcipher-core.test b/test/sqlcipher-core.test
@@ -730,20 +730,20 @@ db close
 file delete -force test.db
 
 # verify memory security behavior
-# initially should report ON
-# then disable, check that it is off
-# turn it back on, then check. 
+# initially should report OFF
+# then enable, check that it is ON
+# try to turn if off, but verify that it
+# can't be unset.
 do_test verify-memory-security {
     sqlite_orig db test.db
     execsql {
-        PRAGMA cipher_memory_security;
-        PRAGMA cipher_memory_security = OFF;
         PRAGMA cipher_memory_security;
         PRAGMA cipher_memory_security = ON;
         PRAGMA cipher_memory_security;
-        
+        PRAGMA cipher_memory_security = OFF;
+        PRAGMA cipher_memory_security;
     }
-} {1 0 1}
+} {0 1 1}
 db close
 file delete -force test.db
 
