Don't use client SHA1 for fake responses

When a fake handshake response is generated for a connection that hasn't
received the server's handshake, the client's SHA1 would be used with a
static scramble. This, in theory, would weaken the authentication to some
extent, so to completely prevent this, a null password is used. This
removes any possibility of the password being exposed.
Markus Mäkelä 2020-06-01 19:28:48 +03:00
parent 11960a1e93
commit cb8b4546cb
No known key found for this signature in database
GPG Key ID: 5CE746D557ACC499


@ -1416,6 +1416,10 @@ static int gw_backend_close(DCB* dcb)
{
MYSQL_session client;
gw_get_shared_session_auth_info(dcb, &client);
// Don't use the actual client SHA1. This prevents the password from being used with the constant
// null scramble we use in these cases.
memset(client.client_sha1, 0, sizeof(client.client_sha1));
memset(proto->scramble, 0, sizeof(proto->scramble));
dcb_write(dcb, gw_generate_auth_response(&client, proto, false, false, 0));
}
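
Review bot: The comment above memset(client.client_sha1, ...) does not say how gw_generate_auth_response() treats an all-zero client_sha1, which is what the change depends on. The commit message says a null password is used, but from these lines it is not clear whether the response carries an empty auth token or a token computed from twenty zero bytes and the zeroed scramble. Please state the intended behaviour in the comment. It would also help to note that `client` is the local copy filled by gw_get_shared_session_auth_info(), so the zeroing is meant to affect only this fake response and not the shared session data.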