* PHP-8.1:
Fix GH-11997: ctype_alnum 5 times slower in PHP 8.1 or greater
Fix GH-12297: PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line
On some configurations, the COMPILE_DL_MYSQLND must come from config.h.
If it isn't set, the get_module function won't be exposed, resulting in
a failure when trying to load the library.
It's the same issue ext/fileinfo had a while back that was fixed in
b0ba368d5.
Closes GH-12299.
* PHP-8.1:
Fix GH-10964: Improve `man` page about the built-in server
Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters
https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html
tells us that the nonce used in this authentication method is 20 bytes
long. However, we might receive additional scramble data in
php_mysqlnd_greet_read not used in this method.
On my test setup, I received 21 bytes (20 bytes + '\0'). This resulted
in the xor computation to incorrectly include the NUL byte. Every
password of at least 20 characters therefore failed to authenticate
using this method.
Looking at mysql-server source code also seems to reveal that it always
uses a fixed number of scramble bytes [1].
[1] ea7087d885/sql/auth/sha2_password.cc (L1078-L1079)
Closes GH-11445.
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
The stream context inside `mysqlnd_vio::enable_ssl()` is leaking.
In particular: when `php_stream_context_set()` get called the refcount
of `context` is increased by 1, which means that `context` will now
have a refcount of 2. Later on we remove the context from the stream
by calling `php_stream_context_set(stream, NULL)` but that leaves our
`context` with a refcount of 1, and therefore it's never destroyed.
In my test case this yielded a leak of 1456 bytes per connection
(but could be more depending on your settings ofc).
Annoyingly, Valgrind doesn't find it because the context is still
in the `EG(regular_list)` and will thus be destroyed at the end of
the request. However, I still think this bug needs to be fixed because
as the users in the issue report already mentioned:
there can be long-running PHP scripts.
Fix it by decreasing the refcount to transfer the ownership.
Closes GH-10909.
The fix for bug 63327[1] changed the extra size of mysqlnd allocations
from `sizeof(size_t)` to the properly aligned values; however, the
allocation in `_mysqlnd_pestrdup()` has apparently been overlooked,
which (currently) causes detectable heap corruption when running
mysqli_get_client_stats.phpt on 32bit Windows versions.
[1] <338a47bb85>
Closes GH-9724.
Unless stringified results are requested, we need to parse large
bigints as unsigned, to avoid wrap-around behavior.
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Closes GH-7837.
