Fix unix socket check during caching_sha2_password

The fact that conn->unix_socket is set does not mean that a Unix
socket is actually in use -- this member is set in a default
configuration.

Instead check whether a unix_socket stream ops is used.
Nikita Popov 2019-12-27 13:27:10 +01:00
parent 6225137b4a
commit 03ee36d1c5
2 changed files with 11 additions and 7 deletions


@ -1032,6 +1032,14 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
} }
/* }}} */ /* }}} */
static int is_secure_transport(MYSQLND_CONN_DATA *conn) {
if (conn->vio->data->ssl) {
return 1;
}
return strcmp(conn->vio->data->stream->ops->label, "unix_socket") == 0;
}
/* {{{ mysqlnd_caching_sha2_handle_server_response */ /* {{{ mysqlnd_caching_sha2_handle_server_response */
static enum_func_status static enum_func_status
mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plugin *self, mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plugin *self,
@ -1063,13 +1071,13 @@ mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plu
DBG_INF("fast path succeeded"); DBG_INF("fast path succeeded");
DBG_RETURN(PASS); DBG_RETURN(PASS);
case 4: case 4:
if (conn->vio->data->ssl || conn->unix_socket.s) { if (is_secure_transport(conn)) {
DBG_INF("fast path failed, doing full auth via SSL"); DBG_INF("fast path failed, doing full auth via secure transport");
result_packet.password = (zend_uchar *)passwd; result_packet.password = (zend_uchar *)passwd;
result_packet.password_len = passwd_len + 1; result_packet.password_len = passwd_len + 1;
PACKET_WRITE(conn, &result_packet); PACKET_WRITE(conn, &result_packet);
} else { } else {
DBG_INF("fast path failed, doing full auth without SSL"); DBG_INF("fast path failed, doing full auth via insecure transport");
result_packet.password_len = mysqlnd_caching_sha2_get_and_use_key(conn, auth_plugin_data, auth_plugin_data_len, &result_packet.password, passwd, passwd_len); result_packet.password_len = mysqlnd_caching_sha2_get_and_use_key(conn, auth_plugin_data, auth_plugin_data_len, &result_packet.password, passwd, passwd_len);
PACKET_WRITE(conn, &result_packet); PACKET_WRITE(conn, &result_packet);
efree(result_packet.password); efree(result_packet.password);
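Review bot: `is_secure_transport()` is now the only thing deciding whether `case 4` writes `passwd` to the wire as-is, yet it has no comment stating that and lacks the `/* {{{ */` fold marker its neighbours use. I would add above it `/* Returns 1 only for TLS or a unix-domain socket stream; when true the caller sends the password without going through mysqlnd_caching_sha2_get_and_use_key(), so any additional label accepted here needs a security review. */`. The helper also dereferences `conn->vio->data->stream->ops->label` unguarded; whether the stream can be unset at this point is not visible in the hunk, but a guard such as `if (!conn->vio->data->stream) return 0;` would fail closed onto the `mysqlnd_caching_sha2_get_and_use_key` branch. The body of mysqlnd_caching_sha2_handle_server_response starts and ends outside the hunk.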


@ -671,13 +671,9 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect)(MYSQLND_CONN_DATA * conn,
{ {
const MYSQLND_CSTRING scheme = { transport.s, transport.l }; const MYSQLND_CSTRING scheme = { transport.s, transport.l };
/* This will be overwritten below with a copy, but we can use it during authentication */
conn->unix_socket.s = (char *)socket_or_pipe.s;
if (FAIL == conn->m->connect_handshake(conn, &scheme, &username, &password, &database, mysql_flags)) { if (FAIL == conn->m->connect_handshake(conn, &scheme, &username, &password, &database, mysql_flags)) {
conn->unix_socket.s = NULL;
goto err; goto err;
} }
conn->unix_socket.s = NULL;
} }
{ {