author | Sergei Golubchik <sergii@pisem.net> | 2013-01-25 00:17:39 +0100 |
---|---|---|
committer | Sergei Golubchik <sergii@pisem.net> | 2013-01-25 00:17:39 +0100 |
commit | bfc71e63a77972fa4ab934855b6ab712bea323a1 (patch) | |
tree | dee331666634538a0855e3f0a3674285b2978b10 /sql | |
parent | 8127e631de90dddc25b3cdffe59e147333eb6c74 (diff) | |
download | mariadb-git-bfc71e63a77972fa4ab934855b6ab712bea323a1.tar.gz |
MDEV-3915 COM_CHANGE_USER allows fast password brute-forcing
allow only three failed change_user per connection.
a successful change_user does NOT reset the counter
tests/mysql_client_test.c:
make --error to work for --change_user errors
Diffstat (limited to 'sql')
-rw-r--r-- | sql/sql_class.cc | 1 | ||||
-rw-r--r-- | sql/sql_class.h | 1 | ||||
-rw-r--r-- | sql/sql_parse.cc | 17 |
3 files changed, 18 insertions, 1 deletions
diff --git a/sql/sql_class.cc b/sql/sql_class.cc
index b7a37ae3f69..d44d28eaae2 100644
--- a/sql/sql_class.cc
+++ b/sql/sql_class.cc
@@ -675,6 +675,7 @@ THD::THD()
 stmt_depends_on_first_successful_insert_id_in_prev_stmt(FALSE),
 examined_row_count(0),
 global_read_lock(0),
+ failed_com_change_user(0),
 is_fatal_error(0),
 transaction_rollback_request(0),
 is_fatal_sub_stmt_error(0),
diff --git a/sql/sql_class.h b/sql/sql_class.h
index 6b277add4a5..d55200efea4 100644
--- a/sql/sql_class.h
+++ b/sql/sql_class.h
@@ -1865,6 +1865,7 @@ public:
 bool no_errors, password;
 bool extra_port; /* If extra connection */
+ uint8 failed_com_change_user;
 /** Set to TRUE if execution of the current compound statement can not continue. In particular, disables activation of
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index be0e2db43c6..0c47b7a8bb3 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -1144,6 +1144,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 uint save_db_length= thd->db_length;
 char *save_db= thd->db;
+ int rc;
 USER_CONN *save_user_connect= thd->user_connect;
 Security_context save_security_ctx= *thd->security_ctx;
 CHARSET_INFO *save_character_set_client=
@@ -1157,7 +1158,19 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 thd->security_ctx->user= 0;
 thd->user_connect= 0;
- if (acl_authenticate(thd, 0, packet_length))
+ /*
+ to limit COM_CHANGE_USER ability to brute-force passwords,
+ we only allow three unsuccessful COM_CHANGE_USER per connection.
+ */
+ if (thd->failed_com_change_user >= 3)
+ {
+ my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
+ rc= 1;
+ }
+ else
+ rc= acl_authenticate(thd, 0, packet_length);
+
+ if (rc)
 {
 /* Free user if allocated by acl_authenticate */
 x_free(thd->security_ctx->user);
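Review bot: The new member `uint8 failed_com_change_user;` in the sql_class.h hunk carries no comment, while its neighbour `extra_port` does, so a reader of THD cannot tell what it counts or when it is reset. Suggest `uint8 failed_com_change_user; /* failed COM_CHANGE_USER attempts on this connection */`, and since the commit message says a successful change_user does not reset it, that property belongs in the comment too, because nothing in the code states it. The surrounding class body continues on both sides of the hunk.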
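Review bot: The lockout threshold in the sql_parse.cc hunk at -1157 is the bare literal `3` in `if (thd->failed_com_change_user >= 3)`, with the same number repeated only as prose in the comment above it, so the check and its documentation can drift apart. A named constant keeps them together, e.g. `#define MAX_FAILED_COM_CHANGE_USER 3` near the top of the file and `if (thd->failed_com_change_user >= MAX_FAILED_COM_CHANGE_USER)`. The comment block could also record the policy from the commit message that a successful COM_CHANGE_USER does not reset the counter, and that a rejected attempt is reported as ER_UNKNOWN_COM_ERROR rather than an access-denied error, which looks intentional (the client is not told whether the password was checked at all) but is not explained anywhere. The enclosing COM_CHANGE_USER case starts before this hunk and continues after it.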
@@ -1170,6 +1183,8 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 thd->variables.collation_connection= save_collation_connection;
 thd->variables.character_set_results= save_character_set_results;
 thd->update_charset();
+ thd->failed_com_change_user++;
+ my_sleep(1000000);
 }
 else
 {
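Review bot: `thd->failed_com_change_user++` runs on every failure, including the ones the `>= 3` check in the previous hunk already rejected, and the member is declared `uint8` in sql_class.h, so after 255 failures the counter wraps to 0 and the connection gets three fresh real authentication attempts; the `my_sleep(1000000)` delay (about a second, if the argument is microseconds) slows that cycle but does not close it. Saturate instead of wrapping, e.g. `if (thd->failed_com_change_user < 3) thd->failed_com_change_user++;` (or clamp at the type's maximum), so the limit holds for the lifetime of the connection as the commit message promises. The sleep also holds this connection's server thread for the duration, so a short comment such as `/* deliberate throttle: slow down repeated COM_CHANGE_USER guesses */` would keep it from being mistaken for a leftover later. The enclosing `if (rc)` block opens in the previous hunk and the `else` branch continues past the end of this one.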