Fix GH-11440: authentication to a sha256_password account fails over SSL

This is similar to bug #78680, but that bug wasn't really fixed in all
places. This is the only remaining place.

Closes GH-11444.

NEWS

@@ -19,6 +19,10 @@ PHP                                                                        NEWS
 - FFI:
   . Fix leaking definitions when using FFI::cdef()->new(...). (ilutov)
 
+- MySQLnd:
+  . Fixed bug GH-11440 (authentication to a sha256_password account fails over
+    SSL). (nielsdos)
+
 - Opcache:
   . Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or
     opcache_get_status() / phpinfo() is wrong). (nielsdos)

ext/mysqlnd/mysqlnd_auth.c

@@ -912,9 +912,12 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
 	if (conn->vio->data->ssl) {
 		DBG_INF("simple clear text under SSL");
 		/* clear text under SSL */
-		*auth_data_len = passwd_len;
+		/* NUL termination byte required: https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase_authentication_methods_clear_text_password.html
-		ret = malloc(passwd_len);
+		 * (this is similar to bug #78680, but now as GH-11440) */
+		*auth_data_len = passwd_len + 1;
+		ret = malloc(passwd_len + 1);
 		memcpy(ret, passwd, passwd_len);
+		ret[passwd_len] = '\0';
 	} else {
 		*auth_data_len = 0;
 		server_public_key = mysqlnd_sha256_get_rsa_key(conn, session_options, pfc_data);