
List:       php-cvs
Subject:    [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c tru
From:       Andrey_Hristov <andrey () php ! net>
Date:       2011-11-30 17:20:25
Message-ID: svn-andrey-1322673625-320201-217823128 () svn ! php ! net

andrey                                   Wed, 30 Nov 2011 17:20:25 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=320201

Log:
Don't write more data than the protocol can grok or the server will
be confused. This comes without a test because the server needs to be
a non-community one with closed source PAM plugin loaded.

Changed paths:
    U   php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c
    U   php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c

Modified: php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c	2011-11-30 15:59:24 UTC (rev 320200)
+++ php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c	2011-11-30 17:20:25 UTC (rev 320201)
@@ -496,6 +496,14 @@
 		if (packet->auth_data == NULL) {
 			packet->auth_data_len = 0;
 		}
+		if (packet->auth_data_len > 0xFF) {
+			const char * const msg = "Authentication data too long. "
+				"Won't fit into the buffer and will be truncated. Authentication will thus fail";
+			SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+			DBG_RETURN(0);
+		}
+
 		int1store(p, packet->auth_data_len);
 		++p;
 /*!!!!! is the buffer big enough ??? */
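
Review bot: The added `if (packet->auth_data_len > 0xFF)` check only bounds the value to what the one-byte field written by `int1store(p, packet->auth_data_len)` can encode; the trailing context comment `/*!!!!! is the buffer big enough ??? */` is still unanswered. Nothing in the visible lines compares `auth_data_len` against the space remaining in the buffer that `p` points into, so a length of up to 255 passes without that capacity being verified. Suggest adding the remaining-space comparison alongside this check and then dropping the comment, so both limits are enforced before the length byte is stored.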

Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c
===================================================================
--- php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c	2011-11-30 15:59:24 UTC (rev 320200)
+++ php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c	2011-11-30 17:20:25 UTC (rev 320201)
@@ -496,6 +496,14 @@
 		if (packet->auth_data == NULL) {
 			packet->auth_data_len = 0;
 		}
+		if (packet->auth_data_len > 0xFF) {
+			const char * const msg = "Authentication data too long. "
+				"Won't fit into the buffer and will be truncated. Authentication will thus fail";
+			SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+			DBG_RETURN(0);
+		}
+
 		int1store(p, packet->auth_data_len);
 		++p;
 /*!!!!! is the buffer big enough ??? */
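
Review bot: The text assigned to `msg` says the data "will be truncated. Authentication will thus fail", but the branch ends in `DBG_RETURN(0)` before `int1store` runs, so on this path nothing is stored or truncated. Reword the message to state that the authentication data exceeds 255 bytes and the function returned without writing it. The literal `0xFF` would also be clearer as a named constant, or with a comment tying it to the one-byte length written by `int1store`, and `CR_UNKNOWN_ERROR` with `UNKNOWN_SQLSTATE` gives a caller reading `conn->error_info` no way to tell this condition from any other failure.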



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
