diff options
| author | Alexey Kopytov <Alexey.Kopytov@sun.com> | 2009-05-27 14:20:57 +0400 |
|---|---|---|
| committer | Alexey Kopytov <Alexey.Kopytov@sun.com> | 2009-05-27 14:20:57 +0400 |
| commit | 1b8322c3c6f406bd119145c6f38ddeb802e1b9fc (patch) | |
| tree | 34ae98822606272f3479c61c527ed8c15c1d1702 /sql/item_strfunc.h | |
| parent | 1d03fb715ebcd995648793fbdba57d9a2069ede6 (diff) | |
| download | mariadb-git-1b8322c3c6f406bd119145c6f38ddeb802e1b9fc.tar.gz | |
Bug #44767: invalid memory reads in password() and
old_password() functions
The PASSWORD() and OLD_PASSWORD() functions could lead to
memory reads outside of an internal buffer when used with BLOB
arguments.
String::c_ptr() assumes there is at least one extra byte
in the internally allocated buffer when adding the trailing
'\0'. This, however, may not be the case when a String object
was initialized with externally allocated buffer.
The bug was fixed by adding an additional "length" argument to
make_scrambled_password_323() and make_scrambled_password() in
order to avoid String::c_ptr() calls for
PASSWORD()/OLD_PASSWORD().
However, since the make_scrambled_password[_323] functions are
a part of the client library ABI, the functions with the new
interfaces were implemented with the 'my_' prefix in their
names, with the old functions changed to be wrappers around
the new ones to maintain interface compatibility.
mysql-test/r/func_crypt.result:
Added a test case for bug #44767.
mysql-test/t/func_crypt.test:
Added a test case for bug #44767.
sql/item_strfunc.cc:
Use the new my_make_scrambled_password*() to avoid
String::c_ptr().
sql/item_strfunc.h:
Changed Item_func[_old]_password::alloc() interfaces so that
we can use the new my_make_scrambled_password*() functions.
sql/mysql_priv.h:
Added declarations for the new my_make_scrambled_password*()
functions.
sql/password.c:
Added new my_make_scrambled_password*() functions with an
additional "length" argument. Changed ones to be wrappers
around the new ones to maintain interface compatibility.
sql/sql_yacc.yy:
Utilize the new password hashing functions with additional length
argument.
Diffstat (limited to 'sql/item_strfunc.h')
| -rw-r--r-- | sql/item_strfunc.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h index 1c5346ab074..f2cb4d2d32a 100644 --- a/sql/item_strfunc.h +++ b/sql/item_strfunc.h @@ -281,7 +281,7 @@ public: String *val_str(String *str); void fix_length_and_dec() { max_length= SCRAMBLED_PASSWORD_CHAR_LENGTH; } const char *func_name() const { return "password"; } - static char *alloc(THD *thd, const char *password); + static char *alloc(THD *thd, const char *password, size_t pass_len); }; @@ -300,7 +300,7 @@ public: String *val_str(String *str); void fix_length_and_dec() { max_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; } const char *func_name() const { return "old_password"; } - static char *alloc(THD *thd, const char *password); + static char *alloc(THD *thd, const char *password, size_t pass_len); }; |