authorNikita Popov <nikita.ppv@gmail.com>2020-02-18 16:18:50 +0100
committerNikita Popov <nikita.ppv@gmail.com>2020-02-18 16:18:50 +0100
commit172010a08d0916ab1678f7f0768472c120330307 (patch)
treee30381e7937317a5343c85d1cf5decc67dcc97da /ext/mysqlnd/mysqlnd_auth.c
parent7a062cf9cdb5f037413836537c4b38bb7d30ee68 (diff)
parent9d31a42a30e944688c29aefc4bd0396ce395efe1 (diff)
Merge branch 'PHP-7.4'
* PHP-7.4: Don't use VLA in mysqlnd auth
Diffstat (limited to 'ext/mysqlnd/mysqlnd_auth.c')
-rw-r--r--ext/mysqlnd/mysqlnd_auth.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
index 8702ef1c57..6ccb28dd0f 100644
--- a/ext/mysqlnd/mysqlnd_auth.c
+++ b/ext/mysqlnd/mysqlnd_auth.c
@@ -804,7 +804,8 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
if (server_public_key) {
int server_public_key_len;
- char xor_str[passwd_len + 1];
+ ALLOCA_FLAG(use_heap);
+ char *xor_str = do_alloca(passwd_len + 1, use_heap);
memcpy(xor_str, passwd, passwd_len);
xor_str[passwd_len] = '\0';
mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
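Review bot: xor_str holds the password XORed with auth_plugin_data (`memcpy(xor_str, passwd, passwd_len)` followed by `mysqlnd_xor_string(...)`), and nothing in this commit wipes it before it is released. The scramble is supplied by the server and is not secret, so this buffer is as sensitive as the password itself. With do_alloca it can land on the heap when the password is long, where the bytes stay readable until the block is reused. I would put `ZEND_SECURE_ZERO(xor_str, passwd_len + 1);` in front of each `free_alloca(xor_str, use_heap);` in this function and in mysqlnd_caching_sha2_get_and_use_key. The enclosing function starts and ends outside this hunk.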
@@ -817,6 +818,7 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
*/
if ((size_t) server_public_key_len - 41 <= passwd_len) {
/* password message is to long */
+ free_alloca(xor_str, use_heap);
SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
DBG_ERR("password is too long");
DBG_RETURN(NULL);
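Review bot: The early return for an over-long password now releases xor_str but still leaves server_public_key allocated, while the success path later in this function calls `RSA_free(server_public_key);`. Unless the key is released somewhere outside the visible lines, every rejected attempt leaks an RSA object whose size the server chooses. Adding `RSA_free(server_public_key);` next to the new `free_alloca(xor_str, use_heap);` would close that. The block this return sits in begins before the hunk.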
@@ -826,6 +828,7 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
ret = malloc(*auth_data_len);
RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, ret, server_public_key, RSA_PKCS1_OAEP_PADDING);
RSA_free(server_public_key);
+ free_alloca(xor_str, use_heap);
}
}
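Review bot: Neither the `malloc(*auth_data_len)` result nor the return value of `RSA_public_encrypt` is checked, so an allocation failure hands a NULL output buffer to OpenSSL and a failed encryption leaves `ret` uninitialised while the function carries on as if it held ciphertext. What happens to `ret` afterwards is outside the hunk, but if it is sent as auth data that would put stale heap bytes on the wire. The sketch below fails closed, assuming a NULL `ret` is how this function reports failure, as the earlier `DBG_RETURN(NULL)` suggests. The same unchecked `RSA_public_encrypt` call appears in mysqlnd_caching_sha2_get_and_use_key, where `server_public_key_len` is returned regardless of the result.

```c
ret = malloc(*auth_data_len);
if (!ret || RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, ret, server_public_key, RSA_PKCS1_OAEP_PADDING) <= 0) {
	/* never hand back a buffer that does not hold real ciphertext */
	free(ret);
	ret = NULL;
	SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password encryption failed");
	DBG_ERR("password encryption failed");
}
/* … unchanged: RSA_free(server_public_key) and free_alloca(xor_str, use_heap) … */
```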
@@ -1023,7 +1026,8 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
if (server_public_key) {
int server_public_key_len;
- char xor_str[passwd_len + 1];
+ ALLOCA_FLAG(use_heap)
+ char *xor_str = do_alloca(passwd_len + 1, use_heap);
memcpy(xor_str, passwd, passwd_len);
xor_str[passwd_len] = '\0';
mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, SCRAMBLE_LENGTH);
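Review bot: `ALLOCA_FLAG(use_heap)` is written without a trailing semicolon here but with one in mysqlnd_sha256_auth_get_auth_data (`ALLOCA_FLAG(use_heap);`), and the two sites should use one form. If the macro expands to a complete declaration, as I believe it does in zend_portability.h, the semicolon in the other function is an empty statement sitting ahead of the `char *xor_str` declaration, so the form used here is the one to keep. The enclosing block continues past the hunk.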
@@ -1036,6 +1040,7 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
*/
if ((size_t) server_public_key_len - 41 <= passwd_len) {
/* password message is to long */
+ free_alloca(xor_str, use_heap);
SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
DBG_ERR("password is too long");
DBG_RETURN(0);
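Review bot: In `(size_t) server_public_key_len - 41 <= passwd_len` the cast applies before the subtraction, so a key length below 41 wraps to a very large unsigned value and the "password is too long" branch is skipped instead of taken. The key comes from the server and the place where its length is computed is outside the hunk, so I can't tell whether small or non-positive values are excluded earlier. If they are not, `if (server_public_key_len < 41 || (size_t) server_public_key_len - 41 <= passwd_len) {` avoids the wrap. The identical comparison in mysqlnd_sha256_auth_get_auth_data has the same shape.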
@@ -1043,6 +1048,7 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
*crypted = emalloc(server_public_key_len);
RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, *crypted, server_public_key, RSA_PKCS1_OAEP_PADDING);
+ free_alloca(xor_str, use_heap);
DBG_RETURN(server_public_key_len);
}
DBG_RETURN(0);