diff --git a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc index 692f80bbb..08bddce77 100644 --- a/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc +++ b/server/modules/protocol/MySQL/mariadbclient/mysql_client.cc @@ -20,6 +20,7 @@ #include #include #include +#include #include #include @@ -1545,6 +1546,14 @@ static bool reauthenticate_client(MXS_SESSION* session, GWBUF* packetbuf) gwbuf_copy_data(proto->stored_query, MYSQL_HEADER_LEN + 1, sizeof(user), (uint8_t*)user); + char* end = user + sizeof(user); + + if (std::find(user, end, '\0') == end) + { + mysql_send_auth_error(session->client_dcb, 3, 0, "Malformed AuthSwitchRequest packet"); + return false; + } + // Copy the new username to the session data MYSQL_session* data = (MYSQL_session*)session->client_dcb->data; strcpy(data->user, user);
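Review bot: The new terminator check in the second hunk scans all `sizeof(user)` bytes, but the return value of the `gwbuf_copy_data` call just above it is still discarded. If `stored_query` holds fewer bytes than requested, the tail of `user` is not written by the copy; its declaration and any initialisation are outside the hunk. A zero byte in that uncopied tail would satisfy the check, and `strcpy` would then place bytes that never came from the packet into `data->user`. Consider keeping the count and searching only the copied range: `size_t n = gwbuf_copy_data(proto->stored_query, MYSQL_HEADER_LEN + 1, sizeof(user), (uint8_t*)user);` followed by `if (std::find(user, user + n, '\0') == user + n)`. The size of `data->user` is also not visible here, so a short comment or `static_assert` stating that it is at least `sizeof(user)` would document why the remaining `strcpy` is bounded.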