From 813d4a00b4ce912e58c090f9bb1d0bdd74baf68c Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 27 Dec 2019 16:07:28 +0100
Subject: Handle error response during caching_sha2_password auth

In particular, this fixes handling of expired passwords.
---
 ext/mysqlnd/mysqlnd_auth.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'ext/mysqlnd/mysqlnd_auth.c')

diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
index c4bd53d8c3..2a5924a531 100644
--- a/ext/mysqlnd/mysqlnd_auth.c
+++ b/ext/mysqlnd/mysqlnd_auth.c
@@ -1073,6 +1073,13 @@ mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plu
 	}
 
 	switch (result_packet.response_code) {
+		case 0xFF:
+			if (result_packet.sqlstate[0]) {
+				strlcpy(conn->error_info->sqlstate, result_packet.sqlstate, sizeof(conn->error_info->sqlstate));
+				DBG_ERR_FMT("ERROR:%u [SQLSTATE:%s] %s", result_packet.error_no, result_packet.sqlstate, result_packet.error);
+			}
+			SET_CLIENT_ERROR(conn->error_info, result_packet.error_no, UNKNOWN_SQLSTATE, result_packet.error);
+			DBG_RETURN(FAIL);
 		case 0xFE:
 			DBG_INF("auth switch response");
 			*new_auth_protocol = result_packet.new_auth_protocol;
-- 
cgit v1.2.1