hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for incorrect password handling.

Browse Source
This commit is contained in:
counterpoint
2015-07-06 15:29:58 +01:00
parent 77d374cd52
commit 44fcb9bc31
1 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/modules/protocol/mysql_common.c
View File

@ -46,6 +46,9 @@
#include <log_manager.h> #include <log_manager.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
/* The following can be compared using memcmp to detect a null password */
uint8_t null_client_sha1[MYSQL_SCRAMBLE_LEN]="";
/** Defined in log_manager.cc */ /** Defined in log_manager.cc */
extern int lm_enabled_logfiles_bitmask; extern int lm_enabled_logfiles_bitmask;
extern size_t log_ses_count[]; extern size_t log_ses_count[];
@ -577,7 +580,7 @@ int gw_send_authentication_to_backend(
if (strlen(dbname)) if (strlen(dbname))
curr_db = dbname; curr_db = dbname;
if (strlen((char *)passwd)) if (memcmp(passwd, null_client_sha1, MYSQL_SCRAMBLE_LEN))
curr_passwd = passwd; curr_passwd = passwd;
dcb = conn->owner_dcb; dcb = conn->owner_dcb;
@ -1122,7 +1125,7 @@ GWBUF* gw_create_change_user_packet(
curr_db = db; curr_db = db;
} }
if (strlen((char *)pwd) > 0) if (memcmp(pwd, null_client_sha1, MYSQL_SCRAMBLE_LEN))
{ {
curr_passwd = pwd; curr_passwd = pwd;
} }
@ -1358,12 +1361,7 @@ int gw_check_mysql_scramble_data(DCB *dcb, uint8_t *token, unsigned int token_le
gw_bin2hex(hex_double_sha1, password, SHA_DIGEST_LENGTH); gw_bin2hex(hex_double_sha1, password, SHA_DIGEST_LENGTH);
} else { } else {
/* check if the password is not set in the user table */ /* check if the password is not set in the user table */
if (!strlen((char *)password)) { return memcmp(password, null_client_sha1, MYSQL_SCRAMBLE_LEN) ? 1 : 0;
/* Username without password */
return 0;
} else {
return 1;
}
} }
/*< /*<