Bug #44767: invalid memory reads in password() and
old_password() functions The PASSWORD() and OLD_PASSWORD() functions could lead to memory reads outside of an internal buffer when used with BLOB arguments. String::c_ptr() assumes there is at least one extra byte in the internally allocated buffer when adding the trailing '\0'. This, however, may not be the case when a String object was initialized with externally allocated buffer. The bug was fixed by adding an additional "length" argument to make_scrambled_password_323() and make_scrambled_password() in order to avoid String::c_ptr() calls for PASSWORD()/OLD_PASSWORD(). However, since the make_scrambled_password[_323] functions are a part of the client library ABI, the functions with the new interfaces were implemented with the 'my_' prefix in their names, with the old functions changed to be wrappers around the new ones to maintain interface compatibility. mysql-test/r/func_crypt.result: Added a test case for bug #44767. mysql-test/t/func_crypt.test: Added a test case for bug #44767. sql/item_strfunc.cc: Use the new my_make_scrambled_password*() to avoid String::c_ptr(). sql/item_strfunc.h: Changed Item_func[_old]_password::alloc() interfaces so that we can use the new my_make_scrambled_password*() functions. sql/mysql_priv.h: Added declarations for the new my_make_scrambled_password*() functions. sql/password.c: Added new my_make_scrambled_password*() functions with an additional "length" argument. Changed ones to be wrappers around the new ones to maintain interface compatibility. sql/sql_yacc.yy: Utilize the new password hashing functions with additional length argument.
Showing
Please register or sign in to comment