Bug #13934049: 64884: LOGINS WITH INCORRECT PASSWORD ARE ALLOWED

Fixed an improper type conversion on return that can make the server accept logins with a wrong password.
author: Georgi Kodinov <Georgi.Kodinov@Oracle.com> 2012-04-06 12:04:07 +0300
committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com> 2012-04-06 12:04:07 +0300
commit: 7dcf0a66fdcd098fb6f8700712595bbaeb4e3cbf (patch)
tree: 965facfb7c465a35ebaf0ed7023d3ebef96882ed /sql/password.c
parent: b5c690aa548ce7796d25f9df3f8ae056dcda1703 (diff)
download: mariadb-git-7dcf0a66fdcd098fb6f8700712595bbaeb4e3cbf.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/password.c b/sql/password.c
index e9e81fb7bf3..e029ba51fc4 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -531,7 +531,7 @@ check_scramble(const char *scramble_arg, const char *message,
   mysql_sha1_reset(&sha1_context);
   mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
   mysql_sha1_result(&sha1_context, hash_stage2_reassured);
-  return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
+  return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
 }
author	Georgi Kodinov <Georgi.Kodinov@Oracle.com>	2012-04-06 12:04:07 +0300
committer	Georgi Kodinov <Georgi.Kodinov@Oracle.com>	2012-04-06 12:04:07 +0300
commit	7dcf0a66fdcd098fb6f8700712595bbaeb4e3cbf (patch)
tree	965facfb7c465a35ebaf0ed7023d3ebef96882ed /sql/password.c
parent	b5c690aa548ce7796d25f9df3f8ae056dcda1703 (diff)
download	mariadb-git-7dcf0a66fdcd098fb6f8700712595bbaeb4e3cbf.tar.gz