Skip to content

Use temporary memory database connection to quote the password#36956

Merged
cincuranet merged 3 commits intodotnet:mainfrom
utelle:fix35760
Oct 14, 2025
Merged

Use temporary memory database connection to quote the password#36956
cincuranet merged 3 commits intodotnet:mainfrom
utelle:fix35760

Conversation

@utelle
Copy link
Contributor

@utelle utelle commented Oct 12, 2025
edited by cincuranet
Loading

Fixes #35760

@utelle
Fix dotnet#35760
5318b4e 
Use temporary memory database connection to quote the password
@utelle utelle requested a review from a team as a code owner October 12, 2025 16:06
@utelle utelle mentioned this pull request Oct 12, 2025
Closed
@ErikEJ
Copy link
Contributor

ErikEJ commented Oct 12, 2025

Could you add some testing?

@utelle
Copy link
Contributor Author

utelle commented Oct 12, 2025
edited
Loading

Could you add some testing?

In principle, a test is already in place:

efcore/test/Microsoft.Data.Sqlite.Tests/SqliteConnectionTest.cs

Lines 264 to 276 in aeb51fa

[Fact]
public void Open_works_when_password()
{
#if E_SQLITE3 || WINSQLITE3
Open_works_when_password_unsupported();
#elif E_SQLCIPHER || E_SQLITE3MC || SQLCIPHER
Open_works_when_password_supported();
#elif SQLITE3
Open_works_when_password_might_be_supported();
#else
#error Unexpected native library
#endif
}

You just need to enable either E_SQLCIPHER or E_SQLITE3MC. Of course, you need to make sure that a SQLite version greater or equal 3.48.0 is used under the hood.

Without the fix the test will fail for SQLite 3.48.0 or later with an error message (SQLITE_NOTADB), while it will succeed with the fix.

bricelam
bricelam suggested changes Oct 12, 2025
View reviewed changes
src/Microsoft.Data.Sqlite.Core/SqliteConnectionInternal.cs Outdated
using (var inMemoryConnection = new SqliteConnection("Filename=:memory:"))
{
inMemoryConnection.Open();
quotedPassword = ExecuteScalar(
Copy link
Contributor

@bricelam bricelam Oct 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ExecuteScalar will not use inMemoryConnection here. (It uses _db)

Copy link
Contributor Author

@utelle utelle Oct 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ouch... that will have to be changed, of course.

src/Microsoft.Data.Sqlite.Core/SqliteConnectionInternal.cs Outdated
var quotedPassword = ExecuteScalar(
"SELECT quote($password);",
var quotedPassword = string.Empty;
using (var inMemoryConnection = new SqliteConnection("Filename=:memory:"))
Copy link
Contributor

@bricelam bricelam Oct 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wouldn't use the ADO.NET interfaces (e.g. SqliteConnection) here. Use the lower-level SQLitePCLRaw APIs (e.g. sqlite3_open_v2) instead.

Copy link
Contributor Author

@utelle utelle Oct 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll try to adjust the code accordingly.

Copy link
Contributor Author

@utelle utelle Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bricelam I tried to adjust the code according to your comments. Please take a look.

@utelle
Copy link
Contributor Author

utelle commented Oct 13, 2025

@dotnet-policy-service agree

@SamMonoRT SamMonoRT requested a review from cincuranet October 13, 2025 14:41
bricelam
bricelam approved these changes Oct 13, 2025
View reviewed changes
Copy link
Contributor

@bricelam bricelam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@utelle
Copy link
Contributor Author

utelle commented Oct 13, 2025

LGTM

@bricelam: Thanks. Nevertheless, I have reconsidered the implementation. I have doubts as to whether the function RetryWhileBusy() should/needs really be used here. I took it from the implementation of ExecScalar(). However, in case of an in-memory database there is no concurrency at all, because only the connection that opened the in-memory database can access it - AFAIK. That is, no way for the connection to be busy under the given circumstances.

Therefore the current implementation

    private string QuotePassword(string pswd, int timeout)
    {
        sqlite3 dbMem;
        var rc = sqlite3_open(":memory:", out dbMem);
        SqliteException.ThrowExceptionForRC(rc, dbMem);

        var timer = Stopwatch.StartNew();
        sqlite3_stmt stmt = null!;
        RetryWhileBusy(() => sqlite3_prepare_v2(dbMem, "SELECT quote($password);", out stmt), timeout, timer);
        try
        {
            sqlite3_bind_text(stmt, 1, pswd);
            RetryWhileBusy(() => sqlite3_step(stmt), () => sqlite3_reset(stmt), timeout, timer);
            return sqlite3_column_text(stmt, 0).utf8_to_string();
        }
        finally
        {
            stmt.Dispose();
            dbMem.Dispose();
        }
    }

could possibly be simplified to the following:

    private string QuotePassword(string pswd)
    {
        sqlite3 dbMem;
        int rc = sqlite3_open(":memory:", out dbMem);
        SqliteException.ThrowExceptionForRC(rc, dbMem);
        sqlite3_stmt stmt = null!;
        try
        {
            rc = sqlite3_prepare_v2(dbMem, "SELECT quote($password);", out stmt);
            SqliteException.ThrowExceptionForRC(rc, dbMem);
            sqlite3_bind_text(stmt, 1, pswd);
            rc = sqlite3_step(stmt);
            SqliteException.ThrowExceptionForRC(rc, dbMem);
            return sqlite3_column_text(stmt, 0).utf8_to_string();
        }
        finally
        {
            stmt.Dispose();
            dbMem.Dispose();
        }
    }

What do you think?

@bricelam
Copy link
Contributor

bricelam commented Oct 13, 2025

@utelle I agree, it's not needed here. Proposed code looks good to me.

@cincuranet cincuranet linked an issue Oct 14, 2025 that may be closed by this pull request
Setting the password for an encrypted database fails, if version 3.48.0 or higher of the underlying SQLite library is used #35760
Closed
@cincuranet cincuranet changed the title Fix #35760 Use temporary memory database connection to quote the password Oct 14, 2025
@cincuranet cincuranet merged commit 2e211e4 into dotnet:main Oct 14, 2025
7 checks passed
cincuranet added a commit to cincuranet/efcore that referenced this pull request Oct 14, 2025
@cincuranet
Cleanup after dotnet#36956.
84a48ba
@utelle utelle mentioned this pull request Oct 14, 2025
Closed
@cincuranet cincuranet mentioned this pull request Oct 14, 2025
Merged
@cincuranet
Copy link
Contributor

cincuranet commented Oct 14, 2025

Thanks.

I did quick cleanup in #36961. And backport to 10 (#36962).

@utelle
Copy link
Contributor Author

utelle commented Oct 14, 2025

I did quick cleanup in #36961. And backport to 10 (#36962).

Thank you very much for cleaning up the code, and for backporting to version 10.

cincuranet added a commit that referenced this pull request Oct 14, 2025
@cincuranet
Cleanup after #36956. (#36961)
78c31d0
@dotnet-maestro dotnet-maestro bot mentioned this pull request Oct 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cincuranet cincuranet cincuranet approved these changes

+1 more reviewer

@bricelam bricelam bricelam approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Setting the password for an encrypted database fails, if version 3.48.0 or higher of the underlying SQLite library is used

4 participants

@utelle @ErikEJ @bricelam @cincuranet

Comments