archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GH-11440: authentication to a sha256_password account fails over SSL

Browse source 
This is similar to bug #78680, but that bug wasn't really fixed in all
places. This is the only remaining place.

Closes GH-11444.
This commit is contained in:
nielsdos 2023-06-12 23:42:11 +02:00 committed by Niels Dossche
parent 6e468bbd3b
commit 94127c53aa
2 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -19,6 +19,10 @@ PHP NEWS
- FFI:
. Fix leaking definitions when using FFI::cdef()->new(...). (ilutov)
- MySQLnd:
. Fixed bug GH-11440 (authentication to a sha256_password account fails over
SSL). (nielsdos)
- Opcache:
. Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or
opcache_get_status() / phpinfo() is wrong). (nielsdos)

7
ext/mysqlnd/mysqlnd_auth.c
View file

@ -912,9 +912,12 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
if (conn->vio->data->ssl) {
DBG_INF("simple clear text under SSL");
/* clear text under SSL */
*auth_data_len = passwd_len;
ret = malloc(passwd_len);
/* NUL termination byte required: https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase_authentication_methods_clear_text_password.html
* (this is similar to bug #78680, but now as GH-11440) */
*auth_data_len = passwd_len + 1;
ret = malloc(passwd_len + 1);
memcpy(ret, passwd, passwd_len);
ret[passwd_len] = '\0';
} else {
*auth_data_len = 0;
server_public_key = mysqlnd_sha256_get_rsa_key(conn, session_options, pfc_data);