author | unknown <peter@mysql.com> | 2002-12-09 14:29:17 +0300 |
---|---|---|
committer | unknown <peter@mysql.com> | 2002-12-09 14:29:17 +0300 |
commit | 7e24f0ec27c75b5bc59e534937057d6b8391a863 (patch) | |
tree | b71e19e1c7ce5ddcb45d66ec55739f1c16b855e4 /sql/password.c | |
parent | 08b4c503e2e56151b245b90fd6fedc570bc74376 (diff) | |
download | mariadb-git-7e24f0ec27c75b5bc59e534937057d6b8391a863.tar.gz |
Minor new auth fixes
sql/password.c:
Add checks and fix new auth changes.
sql/sql_parse.cc:
Remove the check. It is done in a different place.
Diffstat (limited to 'sql/password.c')
-rw-r--r-- | sql/password.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/sql/password.c b/sql/password.c
index 0bc8055a5cb..9fd3757106d 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -689,12 +689,22 @@ my_bool check_scramble(const char *scrambled, const char *message,
 {
 struct rand_struct rand_st;
 ulong hash_message[2];
- char buff[16],*to,extra; /* Big enough for check */
+ char buff[16],*to,extra; /* Big enough for check */
 const char *pos;
- char message_buffer[9]; /* Copy of message */
-
- memcpy(message_buffer,message,8); /* Old auth uses 8 bytes at maximum */
- message_buffer[8]=0;
+ char message_buffer[SCRAMBLE_LENGTH+1]; /* Copy of message */
+
+ /* We need to copy the message as this function can be called for MySQL 4.1
+ scramble which is not zero ended and can have zeroes inside
+ We could just write zero to proper place in original message but
+ this would make it harder to understand code for next generations
+ */
+
+ memcpy(message_buffer,message,SCRAMBLE_LENGTH); /* Ignore the rest */
+ message_buffer[SCRAMBLE_LENGTH]=0;
+
+ /* Check if this exactly N bytes. Overwise this is something fishy */
+ if (strlen(message_buffer)!=SCRAMBLE_LENGTH)
+ return 1; /* Wrong password */
 hash_password(hash_message,message_buffer);
 if (old_ver) |
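Review bot: The `memcpy(message_buffer,message,SCRAMBLE_LENGTH)` runs before any length check and always reads SCRAMBLE_LENGTH bytes from `message`, so a caller that passes a shorter NUL-terminated string is read past its end; the `strlen` test only inspects the copy afterwards. No length parameter is visible in the part of the signature shown (it continues outside the hunk), so at minimum the precondition should be stated next to the copy, e.g. `/* message must point to at least SCRAMBLE_LENGTH readable bytes */`. The new comment also says a 4.1 scramble "can have zeroes inside", yet `if (strlen(message_buffer)!=SCRAMBLE_LENGTH) return 1;` rejects any message with a zero byte in that range; if that rejection is intended, the comment should say so, since otherwise a valid login would presumably fail. The function body continues past the end of the hunk, so how `message_buffer` is used after `hash_password` cannot be checked from here.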