Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
aef45b47
Commit
aef45b47
authored
Jun 01, 2009
by
Alexey Kopytov
Browse files
Options
Browse Files
Download
Plain Diff
Automerge.
parents
094ddf22
7561bc92
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
90 additions
and
21 deletions
+90
-21
mysql-test/r/func_crypt.result
mysql-test/r/func_crypt.result
+11
-0
mysql-test/t/func_crypt.test
mysql-test/t/func_crypt.test
+12
-0
sql/item_strfunc.cc
sql/item_strfunc.cc
+8
-6
sql/item_strfunc.h
sql/item_strfunc.h
+2
-2
sql/mysql_priv.h
sql/mysql_priv.h
+6
-0
sql/password.c
sql/password.c
+45
-8
sql/sql_yacc.yy
sql/sql_yacc.yy
+6
-5
No files found.
mysql-test/r/func_crypt.result
View file @
aef45b47
...
...
@@ -95,3 +95,14 @@ Note 1003 select password('idkfa ') AS `password('idkfa ')`,old_password('idkfa'
select encrypt('1234','_.');
encrypt('1234','_.')
#
#
# Bug #44767: invalid memory reads in password() and old_password()
# functions
#
CREATE TABLE t1(c1 MEDIUMBLOB);
INSERT INTO t1 VALUES (REPEAT('a', 1024));
SELECT OLD_PASSWORD(c1), PASSWORD(c1) FROM t1;
OLD_PASSWORD(c1) PASSWORD(c1)
77023ffe214c04ff *82E58A2C08AAFE72C8EB523069CD8ADB33F78F58
DROP TABLE t1;
End of 5.0 tests
mysql-test/t/func_crypt.test
View file @
aef45b47
...
...
@@ -56,3 +56,15 @@ explain extended select password('idkfa '), old_password('idkfa');
select
encrypt
(
'1234'
,
'_.'
);
# End of 4.1 tests
--
echo
#
--
echo
# Bug #44767: invalid memory reads in password() and old_password()
--
echo
# functions
--
echo
#
CREATE
TABLE
t1
(
c1
MEDIUMBLOB
);
INSERT
INTO
t1
VALUES
(
REPEAT
(
'a'
,
1024
));
SELECT
OLD_PASSWORD
(
c1
),
PASSWORD
(
c1
)
FROM
t1
;
DROP
TABLE
t1
;
--
echo
End
of
5.0
tests
sql/item_strfunc.cc
View file @
aef45b47
...
...
@@ -1629,16 +1629,17 @@ String *Item_func_password::val_str(String *str)
return
0
;
if
(
res
->
length
()
==
0
)
return
&
my_empty_string
;
m
ake_scrambled_password
(
tmp_value
,
res
->
c_ptr
());
m
y_make_scrambled_password
(
tmp_value
,
res
->
ptr
(),
res
->
length
());
str
->
set
(
tmp_value
,
SCRAMBLED_PASSWORD_CHAR_LENGTH
,
res
->
charset
());
return
str
;
}
char
*
Item_func_password
::
alloc
(
THD
*
thd
,
const
char
*
password
)
char
*
Item_func_password
::
alloc
(
THD
*
thd
,
const
char
*
password
,
size_t
pass_len
)
{
char
*
buff
=
(
char
*
)
thd
->
alloc
(
SCRAMBLED_PASSWORD_CHAR_LENGTH
+
1
);
if
(
buff
)
m
ake_scrambled_password
(
buff
,
password
);
m
y_make_scrambled_password
(
buff
,
password
,
pass_len
);
return
buff
;
}
...
...
@@ -1652,16 +1653,17 @@ String *Item_func_old_password::val_str(String *str)
return
0
;
if
(
res
->
length
()
==
0
)
return
&
my_empty_string
;
m
ake_scrambled_password_323
(
tmp_value
,
res
->
c_ptr
());
m
y_make_scrambled_password_323
(
tmp_value
,
res
->
ptr
(),
res
->
length
());
str
->
set
(
tmp_value
,
SCRAMBLED_PASSWORD_CHAR_LENGTH_323
,
res
->
charset
());
return
str
;
}
char
*
Item_func_old_password
::
alloc
(
THD
*
thd
,
const
char
*
password
)
char
*
Item_func_old_password
::
alloc
(
THD
*
thd
,
const
char
*
password
,
size_t
pass_len
)
{
char
*
buff
=
(
char
*
)
thd
->
alloc
(
SCRAMBLED_PASSWORD_CHAR_LENGTH_323
+
1
);
if
(
buff
)
m
ake_scrambled_password_323
(
buff
,
password
);
m
y_make_scrambled_password_323
(
buff
,
password
,
pass_len
);
return
buff
;
}
...
...
sql/item_strfunc.h
View file @
aef45b47
...
...
@@ -268,7 +268,7 @@ public:
String
*
val_str
(
String
*
str
);
void
fix_length_and_dec
()
{
max_length
=
SCRAMBLED_PASSWORD_CHAR_LENGTH
;
}
const
char
*
func_name
()
const
{
return
"password"
;
}
static
char
*
alloc
(
THD
*
thd
,
const
char
*
password
);
static
char
*
alloc
(
THD
*
thd
,
const
char
*
password
,
size_t
pass_len
);
};
...
...
@@ -287,7 +287,7 @@ public:
String
*
val_str
(
String
*
str
);
void
fix_length_and_dec
()
{
max_length
=
SCRAMBLED_PASSWORD_CHAR_LENGTH_323
;
}
const
char
*
func_name
()
const
{
return
"old_password"
;
}
static
char
*
alloc
(
THD
*
thd
,
const
char
*
password
);
static
char
*
alloc
(
THD
*
thd
,
const
char
*
password
,
size_t
pass_len
);
};
...
...
sql/mysql_priv.h
View file @
aef45b47
...
...
@@ -2311,6 +2311,12 @@ extern void turn_parser_debug_on();
SQL_CRYPT
*
get_crypt_for_frm
(
void
);
#endif
/* password.c */
extern
"C"
void
my_make_scrambled_password_323
(
char
*
to
,
const
char
*
password
,
size_t
pass_len
);
extern
"C"
void
my_make_scrambled_password
(
char
*
to
,
const
char
*
password
,
size_t
pass_len
);
#include "sql_view.h"
/* Some inline functions for more speed */
...
...
sql/password.c
View file @
aef45b47
...
...
@@ -137,19 +137,38 @@ void hash_password(ulong *result, const char *password, uint password_len)
Create password to be stored in user database from raw string
Used for pre-4.1 password handling
SYNOPSIS
make_scrambled_password_323()
m
y_m
ake_scrambled_password_323()
to OUT store scrambled password here
password IN user-supplied password
pass_len IN length of password string
*/
void
make_scrambled_password_323
(
char
*
to
,
const
char
*
password
)
void
my_make_scrambled_password_323
(
char
*
to
,
const
char
*
password
,
size_t
pass_len
)
{
ulong
hash_res
[
2
];
hash_password
(
hash_res
,
password
,
(
uint
)
strlen
(
password
)
);
hash_password
(
hash_res
,
password
,
(
uint
)
pass_len
);
sprintf
(
to
,
"%08lx%08lx"
,
hash_res
[
0
],
hash_res
[
1
]);
}
/*
Wrapper around my_make_scrambled_password_323() to maintain client lib ABI
compatibility.
In server code usage of my_make_scrambled_password_323() is preferred to
avoid strlen().
SYNOPSIS
make_scrambled_password_323()
to OUT store scrambled password here
password IN NULL-terminated string with user-supplied password
*/
void
make_scrambled_password_323
(
char
*
to
,
const
char
*
password
)
{
my_make_scrambled_password_323
(
to
,
password
,
strlen
(
password
));
}
/*
Scramble string with password.
Used in pre 4.1 authentication phase.
...
...
@@ -383,20 +402,21 @@ my_crypt(char *to, const uchar *s1, const uchar *s2, uint len)
The result of this function is used as return value from PASSWORD() and
is stored in the database.
SYNOPSIS
make_scrambled_password()
m
y_m
ake_scrambled_password()
buf OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
password IN NULL-terminated password string
password IN password string
pass_len IN length of password string
*/
void
make_scrambled_password
(
char
*
to
,
const
char
*
password
)
void
my_make_scrambled_password
(
char
*
to
,
const
char
*
password
,
size_t
pass_len
)
{
SHA1_CONTEXT
sha1_context
;
uint8
hash_stage2
[
SHA1_HASH_SIZE
];
mysql_sha1_reset
(
&
sha1_context
);
/* stage 1: hash password */
mysql_sha1_input
(
&
sha1_context
,
(
uint8
*
)
password
,
(
uint
)
strlen
(
password
)
);
mysql_sha1_input
(
&
sha1_context
,
(
uint8
*
)
password
,
(
uint
)
pass_len
);
mysql_sha1_result
(
&
sha1_context
,
(
uint8
*
)
to
);
/* stage 2: hash stage1 output */
mysql_sha1_reset
(
&
sha1_context
);
...
...
@@ -409,6 +429,23 @@ make_scrambled_password(char *to, const char *password)
}
/*
Wrapper around my_make_scrambled_password() to maintain client lib ABI
compatibility.
In server code usage of my_make_scrambled_password() is preferred to
avoid strlen().
SYNOPSIS
make_scrambled_password()
buf OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
password IN NULL-terminated password string
*/
void
make_scrambled_password
(
char
*
to
,
const
char
*
password
)
{
my_make_scrambled_password
(
to
,
password
,
strlen
(
password
));
}
/*
Produce an obscure octet sequence from password and random
string, recieved from the server. This sequence corresponds to the
...
...
sql/sql_yacc.yy
View file @
aef45b47
...
...
@@ -12118,15 +12118,16 @@ text_or_password:
| PASSWORD '(' TEXT_STRING ')'
{
$$= $3.length ? YYTHD->variables.old_passwords ?
Item_func_old_password::alloc(YYTHD, $3.str) :
Item_func_password::alloc(YYTHD, $3.str) :
Item_func_old_password::alloc(YYTHD, $3.str
, $3.length
) :
Item_func_password::alloc(YYTHD, $3.str
, $3.length
) :
$3.str;
if ($$ == NULL)
MYSQL_YYABORT;
}
| OLD_PASSWORD '(' TEXT_STRING ')'
{
$$= $3.length ? Item_func_old_password::alloc(YYTHD, $3.str) :
$$= $3.length ? Item_func_old_password::alloc(YYTHD, $3.str,
$3.length) :
$3.str;
if ($$ == NULL)
MYSQL_YYABORT;
...
...
@@ -12588,7 +12589,7 @@ grant_user:
(char *) YYTHD->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH_323+1);
if (buff == NULL)
MYSQL_YYABORT;
m
ake_scrambled_password_323(buff, $4.str
);
m
y_make_scrambled_password_323(buff, $4.str, $4.length
);
$1->password.str= buff;
$1->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
}
...
...
@@ -12598,7 +12599,7 @@ grant_user:
(char *) YYTHD->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH+1);
if (buff == NULL)
MYSQL_YYABORT;
m
ake_scrambled_password(buff, $4.str
);
m
y_make_scrambled_password(buff, $4.str, $4.length
);
$1->password.str= buff;
$1->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment