ext/mysqlnd/mysqlnd_auth.c: Add error handling for invalid public key size (#18663)

Reported-by: Pavel Nekrasov <p.nekrasov@fobos-nt.ru>

Signed-off-by: Andrey Kovalev <ded@altlinux.org>
Co-authored-by: Andrey Kovalev <ded@altlinux.org>
Андрей Ковалёв 2025-06-02 12:55:25 +03:00 committed by GitHub
parent f64e3d5d9e
commit b871261c10
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1005,9 +1005,19 @@ void php_mysqlnd_scramble_sha2(zend_uchar * const buffer, const zend_uchar * con
static size_t
mysqlnd_caching_sha2_public_encrypt(MYSQLND_CONN_DATA * conn, mysqlnd_rsa_t server_public_key, size_t passwd_len, unsigned char **crypted, char *xor_str)
{
size_t server_public_key_len = (size_t) EVP_PKEY_size(server_public_key);
DBG_ENTER("mysqlnd_caching_sha2_public_encrypt");
int pkey_size = EVP_PKEY_size(server_public_key);
if (pkey_size <= 0) {
EVP_PKEY_free(server_public_key);
SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "invalid public key size");
DBG_ERR("invalid public key size");
DBG_RETURN(0);
}
size_t server_public_key_len = (size_t) pkey_size;
/*
Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len.
RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here: