Change things to allow passing of the password length

to mysqlnd. This is needed as a password might include
a \0 and thus we need to be binary safe.

8 files changed, 24 insertions, 11 deletions

diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index c75c9f8ec2..724c1e0ab2 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -535,7 +535,11 @@ PHP_FUNCTION(mysqli_change_user)
 	old_charset = mysql->mysql->charset;
 #endif
 
+#if defined(MYSQLI_USE_MYSQLND)
+	rc = mysqlnd_change_user_ex(mysql->mysql, user, password, dbname, FALSE, (size_t) password_len);
+#else
 	rc = mysql_change_user(mysql->mysql, user, password, dbname);
+#endif
 	MYSQLI_REPORT_MYSQL_ERROR(mysql->mysql);
 
 	if (rc) {
diff --git a/ext/mysqli/mysqli_libmysql.h b/ext/mysqli/mysqli_libmysql.h
index ca6770af11..3ec06cdd08 100644
--- a/ext/mysqli/mysqli_libmysql.h
+++ b/ext/mysqli/mysqli_libmysql.h
@@ -38,7 +38,7 @@
 #define mysqli_close(c, is_forced)			mysql_close((c))
 #define mysqli_stmt_close(c, implicit)		mysql_stmt_close((c))
 #define mysqli_free_result(r, is_forced)	mysql_free_result((r))
-#define mysqli_change_user_silent(c, u, p, d)   mysql_change_user((c), (u), (p), (d))
+#define mysqli_change_user_silent(c, u, p, d, p_len)   mysql_change_user((c), (u), (p), (d))
 
 
 /*
diff --git a/ext/mysqli/mysqli_mysqlnd.h b/ext/mysqli/mysqli_mysqlnd.h
index 3072835c55..e4e06daeaa 100644
--- a/ext/mysqli/mysqli_mysqlnd.h
+++ b/ext/mysqli/mysqli_mysqlnd.h
@@ -40,7 +40,7 @@
 #define mysqli_stmt_close(c, implicit)	mysqlnd_stmt_close((c), (implicit))
 #define mysqli_free_result(r, implicit)	mysqlnd_free_result((r), (implicit))
 #define mysqli_async_query(c, q, l)		mysqlnd_async_query((c), (q), (l))
-#define mysqli_change_user_silent(c, u, p, d)   mysqlnd_change_user((c), (u), (p), (d), TRUE)
+#define mysqli_change_user_silent(c, u, p, d, p_len)   mysqlnd_change_user_ex((c), (u), (p), (d), TRUE, (size_t)(p_len))
 
 #define HAVE_STMT_NEXT_RESULT
 
diff --git a/ext/mysqli/mysqli_nonapi.c b/ext/mysqli/mysqli_nonapi.c
index 04755df224..11c0618c49 100644
--- a/ext/mysqli/mysqli_nonapi.c
+++ b/ext/mysqli/mysqli_nonapi.c
@@ -172,7 +172,7 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
 							/* reset variables */
 
 #ifndef MYSQLI_NO_CHANGE_USER_ON_PCONNECT
-							if (!mysqli_change_user_silent(mysql->mysql, username, passwd, dbname)) {
+							if (!mysqli_change_user_silent(mysql->mysql, username, passwd, dbname, passwd_len)) {
 #else
 							if (!mysql_ping(mysql->mysql)) {
 #endif
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index 94cd5b89a8..abf33e1788 100644
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -497,6 +497,7 @@ mysqlnd_connect_run_authentication(
 			const char * const passwd,
 			const char * const db,
 			size_t db_len,
+			size_t passwd_len,
 			const MYSQLND_PACKET_GREET * const greet_packet,
 			const MYSQLND_OPTIONS * const options,
 			unsigned long mysql_flags
@@ -530,7 +531,7 @@ mysqlnd_connect_run_authentication(
 
 			DBG_INF("plugin found");
 
-			ret = auth_plugin->methods.auth_handshake(conn, user, passwd, db, db_len, greet_packet, options, mysql_flags,
+			ret = auth_plugin->methods.auth_handshake(conn, user, passwd, db, db_len, passwd_len, greet_packet, options, mysql_flags,
 													  &switch_to_auth_protocol TSRMLS_CC);
 			DBG_INF_FMT("switch_to_auth_protocol=%s", switch_to_auth_protocol? switch_to_auth_protocol:"n/a");
 		} while (ret == FAIL && switch_to_auth_protocol != NULL);
@@ -729,7 +730,9 @@ MYSQLND_METHOD(mysqlnd_conn, connect)(MYSQLND * conn,
 	}
 #endif
 
-	if (FAIL == mysqlnd_connect_run_authentication(conn, user, passwd, db, db_len, greet_packet, &conn->options, mysql_flags TSRMLS_CC)) {
+	if (FAIL == mysqlnd_connect_run_authentication(conn, user, passwd, db, db_len, (size_t) passwd_len,
+												   greet_packet, &conn->options, mysql_flags TSRMLS_CC))
+	{
 		goto err;
 	}
 
@@ -1912,7 +1915,9 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
 										  const char *user,
 										  const char *passwd,
 										  const char *db,
-										  zend_bool silent TSRMLS_DC)
+										  zend_bool silent,
+										  size_t passwd_len
+										  TSRMLS_DC)
 {
 	/*
 	  User could be max 16 * 3 (utf8), pass is 20 usually, db is up to 64*3
@@ -1962,7 +1967,7 @@ MYSQLND_METHOD(mysqlnd_conn, change_user)(MYSQLND * const conn,
 				break;
 			}	
 			DBG_INF("plugin found");
-			ret = auth_plugin->methods.auth_change_user(conn, user, strlen(user), passwd, db, strlen(db), silent, &switch_to_auth_protocol TSRMLS_CC);
+			ret = auth_plugin->methods.auth_change_user(conn, user, strlen(user), passwd, db, strlen(db), passwd_len, silent, &switch_to_auth_protocol TSRMLS_CC);
 			DBG_INF_FMT("switch_to_auth_protocol=%s", switch_to_auth_protocol? switch_to_auth_protocol:"n/a");
 		} while (ret == FAIL && switch_to_auth_protocol != NULL);
 		if (ret == PASS) {
diff --git a/ext/mysqlnd/mysqlnd.h b/ext/mysqlnd/mysqlnd.h
index bb5e399658..6dbec7171f 100644
--- a/ext/mysqlnd/mysqlnd.h
+++ b/ext/mysqlnd/mysqlnd.h
@@ -115,7 +115,8 @@ PHPAPI MYSQLND * mysqlnd_connect(MYSQLND *conn,
 						  unsigned int mysql_flags
 						  TSRMLS_DC);
 
-#define mysqlnd_change_user(conn, user, passwd, db, silent)		(conn)->m->change_user((conn), (user), (passwd), (db), (silent) TSRMLS_CC)
+#define mysqlnd_change_user(conn, user, passwd, db, silent)		(conn)->m->change_user((conn), (user), (passwd), (db), (silent), strlen((passwd)) TSRMLS_CC)
+#define mysqlnd_change_user_ex(conn, user, passwd, db, silent, passwd_len)		(conn)->m->change_user((conn), (user), (passwd), (db), (silent), (passwd_len) TSRMLS_CC)
 
 #define mysqlnd_debug(x)								_mysqlnd_debug((x) TSRMLS_CC)
 PHPAPI void _mysqlnd_debug(const char *mode TSRMLS_DC);
diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
index cc360cb6de..ccf935355e 100644
--- a/ext/mysqlnd/mysqlnd_auth.c
+++ b/ext/mysqlnd/mysqlnd_auth.c
@@ -36,6 +36,7 @@ mysqlnd_native_auth_handshake(MYSQLND * conn,
 							  const char * const passwd,
 							  const char * const db,
 							  const size_t db_len,
+							  const size_t passwd_len,
 							  const MYSQLND_PACKET_GREET * const greet_packet,
 							  const MYSQLND_OPTIONS * const options,
 							  unsigned long mysql_flags,
@@ -132,6 +133,7 @@ mysqlnd_native_auth_change_user(MYSQLND * const conn,
 								const char * const passwd,
 								const char * const db,
 								const size_t db_len,
+								const size_t passwd_len,
 								const zend_bool silent,
 								char ** switch_to_auth_protocol
 								TSRMLS_DC)
diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
index 5ba2f4c68f..59c7fdc854 100644
--- a/ext/mysqlnd/mysqlnd_structs.h
+++ b/ext/mysqlnd/mysqlnd_structs.h
@@ -300,6 +300,7 @@ struct st_mysqlnd_packet_row;
 struct st_mysqlnd_packet_stats;
 struct st_mysqlnd_packet_prepare_response;
 struct st_mysqlnd_packet_chg_user_resp;
+struct st_mysqlnd_packet_auth_pam;
 
 typedef struct st_mysqlnd_packet_greet *		(*func_mysqlnd_protocol__get_greet_packet)(MYSQLND_PROTOCOL * const protocol, zend_bool persistent TSRMLS_DC);
 typedef struct st_mysqlnd_packet_auth *			(*func_mysqlnd_protocol__get_auth_packet)(MYSQLND_PROTOCOL * const protocol, zend_bool persistent TSRMLS_DC);
@@ -357,7 +358,7 @@ typedef enum_func_status	(*func_mysqlnd_conn__ping)(MYSQLND * const conn TSRMLS_
 typedef enum_func_status	(*func_mysqlnd_conn__kill_connection)(MYSQLND *conn, unsigned int pid TSRMLS_DC);
 typedef enum_func_status	(*func_mysqlnd_conn__select_db)(MYSQLND * const conn, const char * const db, unsigned int db_len TSRMLS_DC);
 typedef enum_func_status	(*func_mysqlnd_conn__server_dump_debug_information)(MYSQLND * const conn TSRMLS_DC);
-typedef enum_func_status	(*func_mysqlnd_conn__change_user)(MYSQLND * const conn, const char * user, const char * passwd, const char * db, zend_bool silent TSRMLS_DC);
+typedef enum_func_status	(*func_mysqlnd_conn__change_user)(MYSQLND * const conn, const char * user, const char * passwd, const char * db, zend_bool silent, size_t passwd_len TSRMLS_DC);
 
 typedef unsigned int		(*func_mysqlnd_conn__get_error_no)(const MYSQLND * const conn TSRMLS_DC);
 typedef const char *		(*func_mysqlnd_conn__get_error_str)(const MYSQLND * const conn TSRMLS_DC);
@@ -970,12 +971,12 @@ struct st_mysqlnd_authentication_plugin
 	struct st_mysqlnd_plugin_header plugin_header;
 	struct {
 		enum_func_status (*auth_handshake)(MYSQLND * conn, const char * const user, const char * const passwd, const char * const db,
-										   const size_t db_len, const struct st_mysqlnd_packet_greet * const greet_packet,
+										   const size_t db_len, const size_t passwd_len, const struct st_mysqlnd_packet_greet * const greet_packet,
 										   const MYSQLND_OPTIONS * const options, unsigned long mysql_flags,
 										   char ** switch_to_auth_protocol TSRMLS_DC);
 
 		enum_func_status (*auth_change_user)(MYSQLND * const conn, const char * const user, const size_t user_len, const char * const passwd,
-											 const char * const db, const size_t db_len, const zend_bool silent,
+											 const char * const db, const size_t db_len, const size_t passwd_len, const zend_bool silent,
 											 char ** switch_to_auth_protocol TSRMLS_DC);
 	} methods;
 };