archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
php-src/ext/mysqlnd
History
Niels Dossche 509906b2a5 Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters 
https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html
tells us that the nonce used in this authentication method is 20 bytes
long. However, we might receive additional scramble data in
php_mysqlnd_greet_read not used in this method.
On my test setup, I received 21 bytes (20 bytes + '\0'). This resulted
in the xor computation to incorrectly include the NUL byte. Every
password of at least 20 characters therefore failed to authenticate
using this method.

Looking at mysql-server source code also seems to reveal that it always
uses a fixed number of scramble bytes [1].

[1] ea7087d885/sql/auth/sha2_password.cc (L1078-L1079)

Closes GH-11445.

Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
2023-08-03 20:28:11 +02:00
..
config-win.h Drop unnecessary stdint and inttypes header checks 2020-04-22 20:18:19 +02:00
config.w32 Native Windows support for mysqlnd sha256 authentification 2020-03-02 16:32:51 +01:00
config9.m4 Remove MYSQLND_COMPRESSION_WANTED define 2020-06-04 10:03:39 +02:00
CREDITS
mysql_float_to_double.h Move php_gcvt to zend_gcvt 2021-08-02 14:51:46 +02:00
mysqlnd.h Remove mysqlnd local_tx functionality 2021-08-12 15:21:21 +02:00
mysqlnd_alloc.c Fix potential heap corruption due to alignment mismatch 2022-10-13 11:47:24 +02:00
mysqlnd_alloc.h Implement mysqlnd_set_persistent_string (#7371) 2021-08-20 12:03:46 +01:00
mysqlnd_auth.c Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters 2023-08-03 20:28:11 +02:00
mysqlnd_auth.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_block_alloc.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_block_alloc.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_charset.c Merge branch 'PHP-8.0' into PHP-8.1 2022-06-10 12:44:39 -04:00
mysqlnd_charset.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_commands.c Implement mysqlnd_set_persistent_string (#7371) 2021-08-20 12:03:46 +01:00
mysqlnd_commands.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_connection.c Merge branch 'PHP-8.0' into PHP-8.1 2022-10-01 11:23:34 +02:00
mysqlnd_connection.h Replace macro with inline function (#7365) 2021-08-13 20:03:26 +01:00
mysqlnd_debug.c Fix printf formats in mysql debug logging 2021-06-16 16:09:06 +02:00
mysqlnd_debug.h Fix printf formats in mysql debug logging 2021-06-16 16:09:06 +02:00
mysqlnd_driver.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_enum_n_def.h Remove mysqlnd local_tx functionality 2021-08-12 15:21:21 +02:00
mysqlnd_ext_plugin.c Mark various functions with void arguments. 2021-05-12 14:55:53 +01:00
mysqlnd_ext_plugin.h Mark various functions with void arguments. 2021-05-12 14:55:53 +01:00
mysqlnd_libmysql_compat.h Remove get_parameter_metadata 2021-07-29 14:21:13 +01:00
mysqlnd_loaddata.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_plugin.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_plugin.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_portability.h Remove MYSQLND_SZ_T_SPEC 2021-08-12 15:29:06 +02:00
mysqlnd_priv.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_protocol_frame_codec.c Remove MYSQLND_SZ_T_SPEC 2021-08-12 15:29:06 +02:00
mysqlnd_protocol_frame_codec.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_ps.c Fix mnd_malloc -> mnd_emalloc from previous merge 2022-03-31 10:53:58 +01:00
mysqlnd_ps.h Mark various functions with void arguments. 2021-05-12 14:55:53 +01:00
mysqlnd_ps_codec.c Fixed some spaces used instead of tabs 2021-06-29 11:30:26 +02:00
mysqlnd_read_buffer.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_read_buffer.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_result.c Merge branch 'PHP-8.0' into PHP-8.1 2021-10-08 15:02:29 +02:00
mysqlnd_result.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_result_meta.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_result_meta.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_reverse_api.c Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_reverse_api.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_statistics.c Drop mysqlnd statistics triggers 2021-07-29 14:21:13 +01:00
mysqlnd_statistics.h Drop mysqlnd statistics triggers 2021-07-29 14:21:13 +01:00
mysqlnd_structs.h Remove mysqlnd local_tx functionality 2021-08-12 15:21:21 +02:00
mysqlnd_vio.c Fix GH-8979: Possible Memory Leak with SSL-enabled MySQL connections 2023-03-24 18:03:29 +01:00
mysqlnd_vio.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
mysqlnd_wireprotocol.c Merge branch 'PHP-8.0' into PHP-8.1 2022-10-27 18:31:38 +01:00
mysqlnd_wireprotocol.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00
php_mysqlnd.c Return value from ZEND_ATOL 2021-07-12 16:51:24 +02:00
php_mysqlnd.h Update http->https in license (#6945) 2021-05-06 12:16:35 +02:00