From ca3e45dce14102c2b2d305493c61f46972218e67 Mon Sep 17 00:00:00 2001
From: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
Date: Fri, 29 Jun 2012 14:04:24 +0300
Subject: Bug #12910665: AUTH-PLUGIN-DATA-LEN NOT TESTED FOR VALIDITY BY THE
 CLIENT

Added a check for a negative second part of the scramble length.
---
 sql/sql_acl.cc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'sql')

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index d3715fd2312..242967fff6a 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8032,6 +8032,7 @@ static bool send_server_handshake_packet(MPVIO_EXT *mpvio,
   int2store(end + 3, mpvio->server_status[0]);
   int2store(end + 5, mpvio->client_capabilities >> 16);
   end[7]= data_len;
+  DBUG_EXECUTE_IF("poison_srv_handshake_scramble_len", end[7]= -100;);
   bzero(end + 8, 10);
   end+= 18;
   /* write scramble tail */
-- 
cgit v1.2.1