• Alexey Kopytov's avatar
    Bug #44767: invalid memory reads in password() and · 877d60a2
    Alexey Kopytov authored
                old_password() functions   
    The PASSWORD() and OLD_PASSWORD() functions could lead to   
    memory reads outside of an internal buffer when used with BLOB   
    arguments.   
      
    String::c_ptr() assumes there is at least one extra byte  
    in the internally allocated buffer when adding the trailing  
    '\0'.  This, however, may not be the case when a String object  
    was initialized with externally allocated buffer.  
      
    The bug was fixed by adding an additional "length" argument to  
    make_scrambled_password_323() and make_scrambled_password() in  
    order to avoid String::c_ptr() calls for  
    PASSWORD()/OLD_PASSWORD().  
      
    However, since the make_scrambled_password[_323] functions are  
    a part of the client library ABI, the functions with the new  
    interfaces were implemented with the 'my_' prefix in their  
    names, with the old functions changed to be wrappers around  
    the new ones to maintain interface compatibility.  
    
    mysql-test/r/func_crypt.result:
      Added a test case for bug #44767.
    mysql-test/t/func_crypt.test:
      Added a test case for bug #44767.
    sql/item_strfunc.cc:
      Use the new my_make_scrambled_password*() to avoid 
      String::c_ptr().
    sql/item_strfunc.h:
      Changed Item_func[_old]_password::alloc() interfaces so that
      we can use the new my_make_scrambled_password*() functions.
    sql/mysql_priv.h:
      Added declarations for the new my_make_scrambled_password*() 
      functions.
    sql/password.c:
      Added new my_make_scrambled_password*() functions with an
      additional "length" argument. Changed ones to be wrappers
      around the new ones to maintain interface compatibility.
    sql/sql_yacc.yy:
      Utilize the new password hashing functions with additional length
      argument.
    877d60a2
item_strfunc.h 22.8 KB