archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix unix socket check during caching_sha2_password

Browse source 
The fact that conn->unix_socket is set does not mean that a Unix
socket is actually in use -- this member is set in a default
configuration.

Instead check whether a unix_socket stream ops is used.
This commit is contained in:
Nikita Popov 2019-12-27 13:27:10 +01:00
parent 6225137b4a
commit 03ee36d1c5
2 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
ext/mysqlnd/mysqlnd_auth.c
View file

@ -1032,6 +1032,14 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
}
/* }}} */
static int is_secure_transport(MYSQLND_CONN_DATA *conn) {
if (conn->vio->data->ssl) {
return 1;
}
return strcmp(conn->vio->data->stream->ops->label, "unix_socket") == 0;
}
/* {{{ mysqlnd_caching_sha2_handle_server_response */
static enum_func_status
mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plugin *self,
@ -1063,13 +1071,13 @@ mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plu
DBG_INF("fast path succeeded");
DBG_RETURN(PASS);
case 4:
if (conn->vio->data->ssl || conn->unix_socket.s) {
DBG_INF("fast path failed, doing full auth via SSL");
if (is_secure_transport(conn)) {
DBG_INF("fast path failed, doing full auth via secure transport");
result_packet.password = (zend_uchar *)passwd;
result_packet.password_len = passwd_len + 1;
PACKET_WRITE(conn, &result_packet);
} else {
DBG_INF("fast path failed, doing full auth without SSL");
DBG_INF("fast path failed, doing full auth via insecure transport");
result_packet.password_len = mysqlnd_caching_sha2_get_and_use_key(conn, auth_plugin_data, auth_plugin_data_len, &result_packet.password, passwd, passwd_len);
PACKET_WRITE(conn, &result_packet);
efree(result_packet.password);

4
ext/mysqlnd/mysqlnd_connection.c
View file

@ -671,13 +671,9 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect)(MYSQLND_CONN_DATA * conn,
{
const MYSQLND_CSTRING scheme = { transport.s, transport.l };
/* This will be overwritten below with a copy, but we can use it during authentication */
conn->unix_socket.s = (char *)socket_or_pipe.s;
if (FAIL == conn->m->connect_handshake(conn, &scheme, &username, &password, &database, mysql_flags)) {
conn->unix_socket.s = NULL;
goto err;
}
conn->unix_socket.s = NULL;
}
{