Fix problem of certain passwords (e.g. joomla1) being treated incorrectly as null MXS-202.

2015-06-24 21:06:56 +01:00 · 2015-06-24 21:06:56 +01:00 · e4bde4402b
commit e4bde4402b
parent ced5c67338
2 changed files with 5 additions and 8 deletions
--- a/server/modules/include/mysql_client_server_protocol.h
+++ b/server/modules/include/mysql_client_server_protocol.h
@ -134,6 +134,8 @@ typedef struct mysql_session {
 #endif
 } MYSQL_session;

+/* The following can be compared using memcmp to detect a null password */
+uint8_t null_client_sha1[MYSQL_SCRAMBLE_LEN]="";

 /** Protocol packing macros. */
 #define gw_mysql_set_byte2(__buffer, __int) do { \
--- a/server/modules/protocol/mysql_common.c
+++ b/server/modules/protocol/mysql_common.c
@ -577,7 +577,7 @@ int gw_send_authentication_to_backend(
        if (strlen(dbname))
                curr_db = dbname;

-        if (strlen((char *)passwd))
+        if (memcmp(passwd, null_client_sha1, MYSQL_SCRAMBLE_LEN))
                curr_passwd = passwd;

 	dcb = conn->owner_dcb;
@ -1122,7 +1122,7 @@ GWBUF* gw_create_change_user_packet(
 		curr_db = db;
 	}
 	
-	if (strlen((char *)pwd) > 0)
+	if (memcmp(pwd, null_client_sha1, MYSQL_SCRAMBLE_LEN))
 	{
 		curr_passwd = pwd;
 	}	
@ -1358,12 +1358,7 @@ int gw_check_mysql_scramble_data(DCB *dcb, uint8_t *token, unsigned int token_le
 		gw_bin2hex(hex_double_sha1, password, SHA_DIGEST_LENGTH);
 	} else {
 		/* check if the password is not set in the user table */
-		if (!strlen((char *)password)) {
-			/* Username without password */
-			return 0;
-		} else {
-			return 1;
-		}
+		return memcmp(password, null_client_sha1, MYSQL_SCRAMBLE_LEN) ? 1 : 0;
 	}

 	/*<