From b569fa6a3e4bb4c78bb16275158ea5afd62d827b Mon Sep 17 00:00:00 2001
From: unknown
Date: Mon, 9 Dec 2002 14:29:17 +0300
Subject: [PATCH] Minor new auth fixes
sql/password.c:
Add checks and fix new auth changes.
sql/sql_parse.cc:
Remove the check. It is done in different place
---
 sql/password.c | 18 ++++++++++++++----
 sql/sql_parse.cc | 2 --
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/sql/password.c b/sql/password.c
index 0bc8055a5cb..9fd3757106d 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -689,12 +689,22 @@ my_bool check_scramble(const char *scrambled, const char *message,
 {
 struct rand_struct rand_st;
 ulong hash_message[2];
- char buff[16],*to,extra; /* Big enough for check */
+ char buff[16],*to,extra; /* Big enough for check */
 const char *pos;
- char message_buffer[9]; /* Copy of message */
+ char message_buffer[SCRAMBLE_LENGTH+1]; /* Copy of message */
+
+ /* We need to copy the message as this function can be called for MySQL 4.1
+ scramble which is not zero ended and can have zeroes inside
+ We could just write zero to proper place in original message but
+ this would make it harder to understand code for next generations
+ */
- memcpy(message_buffer,message,8); /* Old auth uses 8 bytes at maximum */
- message_buffer[8]=0;
+ memcpy(message_buffer,message,SCRAMBLE_LENGTH); /* Ignore the rest */
+ message_buffer[SCRAMBLE_LENGTH]=0;
+
+ /* Check if this exactly N bytes. Overwise this is something fishy */
+ if (strlen(message_buffer)!=SCRAMBLE_LENGTH)
+ return 1; /* Wrong password */
 hash_password(hash_message,message_buffer);
 if (old_ver)
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 660fd545bb6..90568bfcc5e 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
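Review bot: The new check `if (strlen(message_buffer)!=SCRAMBLE_LENGTH)` contradicts the comment added just above it, which says the 4.1 scramble "is not zero ended and can have zeroes inside": a `message` with an embedded zero byte now makes strlen() short and the call returns 1 as a wrong password, so either the comment or the check is wrong, and if the length must be exactly SCRAMBLE_LENGTH a `memchr(message_buffer, 0, SCRAMBLE_LENGTH) != NULL` test states that intent without relying on the comment. The check this commit deletes from check_user in sql_parse.cc (`if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)`) validated the client-supplied value, which presumably reaches this function as `scrambled`, whereas the replacement inspects only `message`, the second parameter; nothing visible in this hunk bounds `scrambled`, so the two checks do not cover the same input and the caller should be confirmed. The copy also grows from 8 bytes to SCRAMBLE_LENGTH bytes while the `if (old_ver)` branch remains, so every caller including old-protocol ones must now supply at least SCRAMBLE_LENGTH readable bytes in `message`, which this hunk cannot show. The new comment's `Overwise` should read `Otherwise`. check_scramble's body continues outside the hunk.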
@@ -195,8 +195,6 @@ static int check_user(THD *thd,enum_server_command command, const char *user,
 thd->db_length=0;
 USER_RESOURCES ur;
- if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)
- return 1;
 /* We shall avoid dupplicate user allocations here */
 if (!thd->user && !(thd->user = my_strdup(user, MYF(0))))
 {