summaryrefslogtreecommitdiff
path: root/ext/mysqlnd/mysqlnd_auth.c
diff options
context:
space:
mode:
authorNikita Popov <nikita.ppv@gmail.com>2019-12-27 13:27:10 +0100
committerNikita Popov <nikita.ppv@gmail.com>2019-12-27 17:27:41 +0100
commit03ee36d1c526b402e1e5f283ee6f1631f3f61982 (patch)
tree981315896952e5c2684dee37f8db170c4f8d9c80 /ext/mysqlnd/mysqlnd_auth.c
parent6225137b4a51da4550f01aafbe8bc39655aedc23 (diff)
downloadphp-git-03ee36d1c526b402e1e5f283ee6f1631f3f61982.tar.gz
Fix unix socket check during caching_sha2_password
The fact that conn->unix_socket is set does not mean that a Unix socket is actually in use -- this member is set in a default configuration. Instead check whether a unix_socket stream ops is used.
Diffstat (limited to 'ext/mysqlnd/mysqlnd_auth.c')
-rw-r--r--ext/mysqlnd/mysqlnd_auth.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
index 3ceaaa457e..a1aaebd9da 100644
--- a/ext/mysqlnd/mysqlnd_auth.c
+++ b/ext/mysqlnd/mysqlnd_auth.c
@@ -1032,6 +1032,14 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
}
/* }}} */
+static int is_secure_transport(MYSQLND_CONN_DATA *conn) {
+ if (conn->vio->data->ssl) {
+ return 1;
+ }
+
+ return strcmp(conn->vio->data->stream->ops->label, "unix_socket") == 0;
+}
+
/* {{{ mysqlnd_caching_sha2_handle_server_response */
static enum_func_status
mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plugin *self,
@@ -1063,13 +1071,13 @@ mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plu
DBG_INF("fast path succeeded");
DBG_RETURN(PASS);
case 4:
- if (conn->vio->data->ssl || conn->unix_socket.s) {
- DBG_INF("fast path failed, doing full auth via SSL");
+ if (is_secure_transport(conn)) {
+ DBG_INF("fast path failed, doing full auth via secure transport");
result_packet.password = (zend_uchar *)passwd;
result_packet.password_len = passwd_len + 1;
PACKET_WRITE(conn, &result_packet);
} else {
- DBG_INF("fast path failed, doing full auth without SSL");
+ DBG_INF("fast path failed, doing full auth via insecure transport");
result_packet.password_len = mysqlnd_caching_sha2_get_and_use_key(conn, auth_plugin_data, auth_plugin_data_len, &result_packet.password, passwd, passwd_len);
PACKET_WRITE(conn, &result_packet);
efree(result_packet.password);
View Lorry Controller Status