summaryrefslogtreecommitdiff
path: root/sql/password.c
diff options
context:
space:
mode:
authorunknown <peter@mysql.com>2002-12-09 14:29:17 +0300
committerunknown <peter@mysql.com>2002-12-09 14:29:17 +0300
commit7e24f0ec27c75b5bc59e534937057d6b8391a863 (patch)
treeb71e19e1c7ce5ddcb45d66ec55739f1c16b855e4 /sql/password.c
parent08b4c503e2e56151b245b90fd6fedc570bc74376 (diff)
downloadmariadb-git-7e24f0ec27c75b5bc59e534937057d6b8391a863.tar.gz
Minor new auth fixes
sql/password.c: Add checks and fix new auth changes. sql/sql_parse.cc: Remove the check. It is done in different place
Diffstat (limited to 'sql/password.c')
-rw-r--r--sql/password.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/sql/password.c b/sql/password.c
index 0bc8055a5cb..9fd3757106d 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -689,12 +689,22 @@ my_bool check_scramble(const char *scrambled, const char *message,
{
struct rand_struct rand_st;
ulong hash_message[2];
- char buff[16],*to,extra; /* Big enough for check */
+ char buff[16],*to,extra; /* Big enough for check */
const char *pos;
- char message_buffer[9]; /* Copy of message */
-
- memcpy(message_buffer,message,8); /* Old auth uses 8 bytes at maximum */
- message_buffer[8]=0;
+ char message_buffer[SCRAMBLE_LENGTH+1]; /* Copy of message */
+
+ /* We need to copy the message as this function can be called for MySQL 4.1
+ scramble which is not zero ended and can have zeroes inside
+ We could just write zero to proper place in original message but
+ this would make it harder to understand code for next generations
+ */
+
+ memcpy(message_buffer,message,SCRAMBLE_LENGTH); /* Ignore the rest */
+ message_buffer[SCRAMBLE_LENGTH]=0;
+
+ /* Check if this exactly N bytes. Overwise this is something fishy */
+ if (strlen(message_buffer)!=SCRAMBLE_LENGTH)
+ return 1; /* Wrong password */
hash_password(hash_message,message_buffer);
if (old_ver)