From dadc53ff0b32ce34ed43e98fb4b1d3af780167f8 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Sat, 26 Oct 2019 10:43:10 +0200 Subject: MDEV-19882 pam v2: auth_pam_tool truncates passwords that are not null-terminated Don't assume that passwords (and other conv replies) are zero-terminated. If they are, though, strndup() down below will take care of that. --- plugin/auth_pam/auth_pam_tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugin') diff --git a/plugin/auth_pam/auth_pam_tool.c b/plugin/auth_pam/auth_pam_tool.c index 3947091ec4a..624b6880933 100644 --- a/plugin/auth_pam/auth_pam_tool.c +++ b/plugin/auth_pam/auth_pam_tool.c @@ -33,7 +33,7 @@ static int roundtrip(struct param *param, const unsigned char *buf, if (write(1, &b, 1) < 1 || write_string(1, buf, buf_len)) return -1; *pkt= (unsigned char *) param->buf; - return read_string(0, (char *) param->buf, (int) sizeof(param->buf)) - 1; + return read_string(0, (char *) param->buf, (int) sizeof(param->buf)); } typedef struct st_mysql_server_auth_info -- cgit v1.2.1