Commit graph

52 commits

Author SHA1 Message Date
Alexey Kopytov
bdcce95f13 Manual merge. 2009-06-01 16:00:38 +04:00
Alexey Kopytov
2df531fdc4 Bug #44767: invalid memory reads in password() and
old_password() functions   
The PASSWORD() and OLD_PASSWORD() functions could lead to   
memory reads outside of an internal buffer when used with BLOB   
arguments.   
  
String::c_ptr() assumes there is at least one extra byte  
in the internally allocated buffer when adding the trailing  
'\0'.  This, however, may not be the case when a String object  
was initialized with externally allocated buffer.  
  
The bug was fixed by adding an additional "length" argument to  
make_scrambled_password_323() and make_scrambled_password() in  
order to avoid String::c_ptr() calls for  
PASSWORD()/OLD_PASSWORD().  
  
However, since the make_scrambled_password[_323] functions are  
a part of the client library ABI, the functions with the new  
interfaces were implemented with the 'my_' prefix in their  
names, with the old functions changed to be wrappers around  
the new ones to maintain interface compatibility.
2009-05-27 14:20:57 +04:00
monty@narttu.mysql.fi
8a80e36ac3 Merge mysql.com:/home/my/mysql-5.0
into  mysql.com:/home/my/mysql-5.1
Merge of 'remove compiler warnings when using -Wshadow'
2007-01-27 03:46:45 +02:00
monty@mysql.com/narttu.mysql.fi
a04157fbb3 Merge bk-internal.mysql.com:/home/bk/mysql-5.0
into  mysql.com:/home/my/mysql-5.0
2007-01-22 14:04:40 +02:00
kent@kent-amd64.(none)
58763e383e Merge mysql.com:/home/kent/bk/main/mysql-5.0
into  mysql.com:/home/kent/bk/main/mysql-5.1
2006-12-31 01:32:21 +01:00
kent@mysql.com/kent-amd64.(none)
6523aca729 my_strtoll10-x86.s:
Corrected spelling in copyright text
Makefile.am:
  Don't update the files from BitKeeper
Many files:
  Removed "MySQL Finland AB & TCX DataKonsult AB" from copyright header
  Adjusted year(s) in copyright header 
Many files:
  Added GPL copyright text
Removed files:
  Docs/Support/colspec-fix.pl
  Docs/Support/docbook-fixup.pl
  Docs/Support/docbook-prefix.pl
  Docs/Support/docbook-split
  Docs/Support/make-docbook
  Docs/Support/make-makefile
  Docs/Support/test-make-manual
  Docs/Support/test-make-manual-de
  Docs/Support/xwf
2006-12-31 01:02:27 +01:00
kent@kent-amd64.(none)
be15e3bc15 Merge mysql.com:/home/kent/bk/main/mysql-5.0
into  mysql.com:/home/kent/bk/main/mysql-5.1
2006-12-23 20:20:40 +01:00
kent@mysql.com/kent-amd64.(none)
226a5c833f Many files:
Changed header to GPL version 2 only
2006-12-23 20:17:15 +01:00
monty@mysql.com/narttu.mysql.fi
88dd873de0 Fixed compiler warnings detected by option -Wshadow and -Wunused:
- Removed not used variables and functions
- Added #ifdef around code that is not used
- Renamed variables and functions to avoid conflicts
- Removed some not used arguments

Fixed some class/struct warnings in ndb
Added define IS_LONGDATA() to simplify code in libmysql.c

I did run gcov on the changes and added 'purecov' comments on almost all lines that was not just variable name changes
2006-12-15 00:51:37 +02:00
monty@mysql.com/narttu.mysql.fi
3d40956039 Fixed portability issue in my_thr_init.c (was added in my last push)
Fixed compiler warnings (detected by VC++):
- Removed not used variables
- Added casts
- Fixed wrong assignments to bool
- Fixed wrong calls with bool arguments
- Added missing argument to store(longlong), which caused wrong store method to be called.
2006-11-30 18:25:05 +02:00
monty@mysql.com
1994ed49ec Fixed compiler and valgrind warnings
Added missing DBUG_xxx_RETURN statements
Fixed some usage of not initialized variables (as found by valgrind)
Ensure that we don't remove locked tables used as name locks from open table cache until unlock_table_names() are called.
This was fixed by having drop_locked_name() returning any table used as a name lock so that we can free it in unlock_table_names()
This will allow Tomas to continue with his work to use namelocks to syncronize things.

Note: valgrind still produces a lot of warnings about using not initialized code and shows memory loss errors when running the ndb tests
2006-03-29 14:27:36 +03:00
konstantin@mysql.com
4d272aba67 Merge mysql.com:/opt/local/work/mysql-4.1-root
into  mysql.com:/opt/local/work/mysql-5.0-root
2006-01-11 17:49:56 +03:00
konstantin@mysql.com
9105d06dd6 A fix for Bug#13944 "libmysqlclient exporting sha1_result function":
rename sha1_* to mysql_sha1_*
2006-01-11 17:31:52 +03:00
monty@mysql.com
f5fdf3e87a Reviewing new pushed code
- CHAR() now returns binary string as default
- CHAR(X*65536+Y*256+Z) is now equal to CHAR(X,Y,Z) independent of the character set for CHAR()
- Test for both ETIMEDOUT and ETIME from pthread_cond_timedwait()
  (Some old systems returns ETIME and it's safer to test for both values
   than to try to write a wrapper for each old system)
- Fixed new introduced bug in NOT BETWEEN X and X
- Ensure we call commit_by_xid or rollback_by_xid for all engines, even if one engine has failed
- Use octet2hex() for all conversion of string to hex
- Simplify and optimize code
2005-10-12 00:58:22 +03:00
bar@mysql.com
1d12ac8849 Bug#10504
Character set does not support traditional mode
ctype_utf8.result, ctype_utf8.test:
  adding test case.
password.c, mysql_com.h
  Changeing octet2hex availability from static to public.
item_strfunc.cc:
  Result string is now checked to be well-formed.
  Warning/error is generated, depending on sql_mode.
2005-09-16 10:24:37 +05:00
georg@lmy002.wdf.sap.corp
b64e6db5a4 fixes for windows 64-bit compiler warnings 2005-06-13 12:41:15 +02:00
monty@mishka.local
4f4bbfc279 Merge with 4.1 2004-12-22 13:54:39 +02:00
serg@serg.mylan
d7acab1530 sql/password.c: check for buffer overflow in check_scramble_323 (BUG#7187) 2004-12-11 10:17:25 +01:00
monty@mysql.com
afbe601302 merge with 4.1 2004-10-29 19:26:52 +03:00
konstantin@mysql.com
37ab172624 Remove stale declaration, fix a typo in comment. 2004-10-15 22:03:11 +04:00
bell@sanja.is.com.ua
3ef0b19cd3 fixed & added comments (according to Igor's review and a bit more) 2004-10-07 01:45:06 +03:00
serg@serg.mylan
6341c93d77 check_scramble_323 shuold ensure that the scramble has the correct length 2004-06-01 23:58:33 +02:00
dlenev@brandersnatch.localdomain
03b705ff44 Made my_snprintf() behavior snprintf() compatible when printing %x arguments (it should
produce hex digits in lower case). (fixed version)

Replaced _dig_vec array with two _dig_vec_upper/_dig_vec_lower arrays.
Added extra argument to int2str function which controls case of digits you get.
Replaced lot of invocations of int2str for decimal radix with more optimized int10_to_str()
function.
Removed unused my_itoa/my_ltoa functions.
2004-05-27 17:54:40 +04:00
serg@serg.mylan
2317fa3ba5 C cleanups 2003-09-03 16:31:01 +02:00
kostja@oak.local
09e53b0169 Style fixes, comments for 4.1.1 authorization
Now special 1-byte packet is used for request of old password
Fixed bug with --skip-grant-tables and acl_getroot
2003-07-18 18:25:54 +04:00
kostja@oak.local
a232225b69 Preliminary support for options --secure-auth,
--old-passwords
Support for option --old-protocol was removed.
Some test performed.
Tests for SSL and replication are pending.
More strict following to specification for --old-passwords
is in the TODO.
2003-07-08 02:36:14 +04:00
kostja@oak.local
1d20b23247 Bug fixes for authentication
OLD_PASSWORD made a keyword to allow set password=old_password('abc') constructions.
2003-07-04 20:52:04 +04:00
kostja@oak.local
7df0475847 First version of new authentification procedure: now authentification is one-stage (instead of two-stage in 4.1)
For now following tasks have been done:
- PASSWORD() function was rewritten. PASSWORD() now returns SHA1
  hash_stage2; for new passwords user.password contains '*'hash_stage2; sql_yacc.yy also fixed; 

- password.c: new functions were implemented, old rolled back to 4.0 state

- server code was rewritten to use new authorization algorithm (check_user(), change
  user, and other stuff in sql/sql_parse.cc)

- client code was rewritten to use new authorization algorithm
  (mysql_real_connect, myslq_authenticate in sql-common/client.c)

- now server barks on 45-byte-length 4.1.0 passwords and refuses 4.1.0-style
  authentification. Users with 4.1.0 passwords are blocked (sql/sql_acl.cc)

- mysqladmin.c was fixed to work correctly with new passwords

Tests for 4.0-4.1.1, 4.1.1-4.1.1 (with or without db/password) logons was performed;
mysqladmin also was tested. Additional check are nevertheless necessary.
2003-07-01 23:40:59 +04:00
serg@serg.mysql.com
67fff29100 fixed bad merge (s/rnd/my_rnd/) 2003-03-20 11:48:02 +01:00
monty@narttu.mysql.fi
b883a9c01c Merge with 4.0.12 2003-03-19 22:25:44 +02:00
lenz@mysql.com
04071da35a - renamed "rnd" to "my_rnd" as the name was too generic (and is an exported
symbol in libmysqlclient) (thanks to Dennis Haney for the initial patch)
 - cleanup: removed client/password.c (not used at all) and
   libmysql/password.c (should rather be a symlink to sql/password.c instead)
 - applied HPUX11 portability fix for char_val declaration to sql/password.c
   (taken from libmysql/password.c)
2003-03-18 22:14:02 +01:00
monty@mashka.mysql.fi
e327393e9d Fixed a lot of wrong memory references as reported by valgrind
Portability fixes
Added new client function: mysql_get_server_version()
New server help code (From Victor Vagin)
Fixed wrong usage of binary()
Disabled RTREE usage for now.
2003-02-12 21:55:37 +02:00
monty@mashka.mysql.fi
25c393a12e Portability fixes (for windows)
Some changes to the prepared statement protocol to make it easier to use and faster.
2003-01-21 21:07:59 +02:00
monty@mashka.mysql.fi
46ec0c5d33 Removed compiler warnings 2003-01-18 21:55:01 +02:00
bell@sanja.is.com.ua
fe9e139056 postreview fix (SCRUM)
fixed layout
2002-12-28 01:01:05 +02:00
peter@mysql.com
9be360eead Minor new auth fixes 2002-12-09 14:29:17 +03:00
monty@mashka.mysql.fi
f1d35b29bc merge fix 2002-12-06 21:15:05 +02:00
peter@mysql.com
3ee8bee22f Basically minor code optimizations and cleanups 2002-12-05 03:55:29 +03:00
peter@mysql.com
1d920529a8 SCRAM Remove spaces from most changed files.
This alters not only my code so it looks like I'm not only one adding the spaces.
2002-12-05 01:14:51 +03:00
monty@hundin.mysql.fi
8830eb4aa9 Change of internal key_field=NULL handling to avoid error messages.
Optimized SELECT DISTINCT ... ORDER BY ... LIMIT
Fixed reference to uninitalized variable
2002-12-03 13:08:25 +02:00
peter@mysql.com
a24258375a SCRUM: Montymise code
fix mysql_change_user() for old clients
2002-11-30 20:58:53 +03:00
peter@mysql.com
54ff0efe7c SCRUM: Secure auth
Implement mysql_change_user
Get rid of double user search at authentication
Some cleanups
2002-11-30 16:31:58 +03:00
peter@mysql.com
7e6977808f Correct bug which exposed itself in rpl000017
Commit for merge
2002-11-29 21:34:13 +03:00
peter@mysql.com
35ccfd0b42 SCRUM: Main change for Secure connection handling. Still needs some more coding. Commit
done for merge with newer version of code.
2002-11-24 17:07:53 +03:00
peter@mysql.com
ecedc7ac35 More work on secure authentication. Commit for merge 2002-11-05 20:21:55 +03:00
peter@mysql.com
d21402052c One more commit to do the merge of new 4.1 tree 2002-10-06 13:42:16 +04:00
peter@mysql.com
f3c51eec31 One more commit required to merge second pack of Monty's patches 2002-10-03 22:42:13 +04:00
peter@mysql.com
f1155a98a4 Changeset to deal with 4.1 -> 4.0 merge 2002-10-02 23:43:27 +04:00
monty@hundin.mysql.fi
b658662ae4 Update copyright
Fixed memory leak on shutdown (Affects the embedded version & MyODBC)
2001-12-06 14:10:51 +02:00
monty@hundin.mysql.fi
7cadc6e711 Changed to use my_global.h
Fixed problem with LIKE with latin1_de
Added parsing support of UNSIGNED LONG LONG
2001-09-14 02:54:33 +03:00