From 19961d4cad76b1711baed837885ce143041a9645 Mon Sep 17 00:00:00 2001
From: Stephen Lombardo <sjlombardo@zetetic.net>
Date: Fri, 8 Feb 2019 16:24:22 -0500
Subject: [PATCH] explicitly disable backup for encrypted databases

---
 src/backup.c             | 20 +++++++++++++++
 test/sqlcipher-core.test | 63 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+)

diff --git a/src/backup.c b/src/backup.c
index 4200940b..4b55cf5f 100644
--- a/src/backup.c
+++ b/src/backup.c
@@ -153,6 +153,26 @@ sqlite3_backup *sqlite3_backup_init(
   }
 #endif
 
+/* BEGIN SQLCIPHER */
+#ifdef SQLITE_HAS_CODEC
+  {
+    extern int sqlcipher_find_db_index(sqlite3*, const char*);
+    extern void sqlite3CodecGetKey(sqlite3*, int, void**, int*);
+    int srcNKey, destNKey;
+    void *zKey;
+
+    sqlite3CodecGetKey(pSrcDb, sqlcipher_find_db_index(pSrcDb, zSrcDb), &zKey, &srcNKey);
+    sqlite3CodecGetKey(pDestDb, sqlcipher_find_db_index(pDestDb, zDestDb), &zKey, &destNKey);
+    zKey = NULL;
+
+    if(srcNKey || destNKey) {
+      sqlite3ErrorWithMsg(pDestDb, SQLITE_ERROR, "backup is not supported with encrypted databases");
+      return NULL;
+    }
+  }
+#endif
+/* END SQLCIPHER */
+
   /* Lock the source database handle. The destination database
   ** handle is not locked in this routine, but it is locked in
   ** sqlite3_backup_step(). The user is required to ensure that no
diff --git a/test/sqlcipher-core.test b/test/sqlcipher-core.test
index fe7cb34b..876423dd 100644
--- a/test/sqlcipher-core.test
+++ b/test/sqlcipher-core.test
@@ -862,4 +862,67 @@ db close
 dba close
 file delete -force test.db
 
+do_test backup-encrypted-to-plain {
+  sqlite_orig db test.db
+  sqlite_orig db2 backup.db
+  execsql {
+    PRAGMA key = 'test';
+    CREATE TABLE t1(a,b);
+    INSERT INTO t1(a,b) VALUES (1,2);
+  }
+  list [catch { sqlite3_backup B db2 main db main } msg] $msg
+} {1 {sqlite3_backup_init() failed}}
+db close
+db2 close
+file delete -force test.db
+file delete -force backup.db
+
+do_test backup-plain-to-encrypted {
+  sqlite_orig db test.db
+  sqlite_orig db2 backup.db
+  execsql {
+    CREATE TABLE t1(a,b);
+    INSERT INTO t1(a,b) VALUES (1,2);
+  }
+  execsql {
+    PRAGMA key = 'test';
+  } db2
+
+  list [catch { sqlite3_backup B db2 main db main } msg] $msg
+} {1 {sqlite3_backup_init() failed}}
+db close
+db2 close
+file delete -force test.db
+file delete -force backup.db
+
+do_test backup-encrypted-to-encrypted {
+  sqlite_orig db test.db
+  sqlite_orig db2 backup.db
+  execsql {
+    PRAGMA key = 'test';
+    CREATE TABLE t1(a,b);
+    INSERT INTO t1(a,b) VALUES (1,2);
+  }
+  execsql {
+    PRAGMA key = 'test';
+  } db2
+  list [catch { sqlite3_backup B db2 main db main } msg] $msg
+} {1 {sqlite3_backup_init() failed}}
+db close
+db2 close
+file delete -force test.db
+file delete -force backup.db
+
+do_test backup-plain-to-plain {
+  sqlite_orig db test.db
+  sqlite_orig db2 backup.db
+  execsql {
+    CREATE TABLE t1(a,b);
+    INSERT INTO t1(a,b) VALUES (1,2);
+  }
+  sqlite3_backup B db2 main db main
+  B step -1
+  B finish
+} {SQLITE_OK}
+
 finish_test
-- 
2.11.4.GIT