List: php-cvs
Subject: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c tru
From: Andrey_Hristov <andrey () php ! net>
Date: 2011-11-30 17:20:25
Message-ID: svn-andrey-1322673625-320201-217823128 () svn ! php ! net
andrey Wed, 30 Nov 2011 17:20:25 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=320201
Log:
Don't write more data than the protocol can grok or the server will
be confused. This comes without a test because the server needs to be
a non-community one with closed source PAM plugin loaded.
Changed paths:
U php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c
U php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c
Modified: php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c 2011-11-30 15:59:24 UTC (rev 320200)
+++ php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c 2011-11-30 17:20:25 UTC (rev 320201)
@@ -496,6 +496,14 @@
if (packet->auth_data == NULL) {
packet->auth_data_len = 0;
}
+ if (packet->auth_data_len > 0xFF) {
+ const char * const msg = "Authentication data too long. "
+ "Won't fit into the buffer and will be truncated. Authentication will thus fail";
+ SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+ DBG_RETURN(0);
+ }
+
int1store(p, packet->auth_data_len);
++p;
/*!!!!! is the buffer big enough ??? */
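Review bot: the context comment `/*!!!!! is the buffer big enough ??? */` right after `++p` is still unanswered by this hunk. The new `packet->auth_data_len > 0xFF` test bounds the value to what the one-byte `int1store(p, packet->auth_data_len)` can encode, but nothing visible here compares the length against the space remaining at `p`. With the length now capped at 255, this is the natural place to settle that as well: either check the remaining room in the output buffer in the same branch, or replace the comment with a note stating why 255 bytes always fit.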
Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c
===================================================================
--- php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c 2011-11-30 15:59:24 UTC (rev 320200)
+++ php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c 2011-11-30 17:20:25 UTC (rev 320201)
@@ -496,6 +496,14 @@
if (packet->auth_data == NULL) {
packet->auth_data_len = 0;
}
+ if (packet->auth_data_len > 0xFF) {
+ const char * const msg = "Authentication data too long. "
+ "Won't fit into the buffer and will be truncated. Authentication will thus fail";
+ SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+ DBG_RETURN(0);
+ }
+
int1store(p, packet->auth_data_len);
++p;
/*!!!!! is the buffer big enough ??? */
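Review bot: the text in `msg` says the data "will be truncated", but the branch ends in `DBG_RETURN(0)` before `int1store` runs, so nothing is stored or truncated on this path; wording such as "Authentication data too long for the one-byte length field" would match what the code does. Two smaller points in the same block: `php_error_docref(NULL TSRMLS_CC, E_WARNING, msg)` passes `msg` in the format position, which is harmless while the literal has no conversion specifiers but is safer written as `"%s", msg`; and `CR_UNKNOWN_ERROR` with `UNKNOWN_SQLSTATE` leaves callers unable to tell this condition from any other unknown failure, so a short comment on why no more specific code is used would help.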
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php