1b8322c3c6
old_password() functions The PASSWORD() and OLD_PASSWORD() functions could lead to memory reads outside of an internal buffer when used with BLOB arguments. String::c_ptr() assumes there is at least one extra byte in the internally allocated buffer when adding the trailing '\0'. This, however, may not be the case when a String object was initialized with an externally allocated buffer. The bug was fixed by adding an additional "length" argument to make_scrambled_password_323() and make_scrambled_password() in order to avoid String::c_ptr() calls for PASSWORD()/OLD_PASSWORD(). However, since the make_scrambled_password[_323] functions are a part of the client library ABI, the functions with the new interfaces were implemented with the 'my_' prefix in their names, with the old functions changed to be wrappers around the new ones to maintain interface compatibility. mysql-test/r/func_crypt.result: Added a test case for bug #44767. mysql-test/t/func_crypt.test: Added a test case for bug #44767. sql/item_strfunc.cc: Use the new my_make_scrambled_password*() to avoid String::c_ptr(). sql/item_strfunc.h: Changed Item_func[_old]_password::alloc() interfaces so that we can use the new my_make_scrambled_password*() functions. sql/mysql_priv.h: Added declarations for the new my_make_scrambled_password*() functions. sql/password.c: Added new my_make_scrambled_password*() functions with an additional "length" argument. Changed the old ones to be wrappers around the new ones to maintain interface compatibility. sql/sql_yacc.yy: Utilize the new password hashing functions with additional length argument.
drop table if exists t1;
|
|
select length(encrypt('foo', 'ff')) <> 0;
|
|
length(encrypt('foo', 'ff')) <> 0
|
|
1
|
|
create table t1 (name varchar(50), pw varchar(64));
|
|
insert into t1 values ('tom', password('my_pass'));
|
|
set @pass='my_pass';
|
|
select name from t1 where name='tom' and pw=password(@pass);
|
|
name
|
|
tom
|
|
select name from t1 where name='tom' and pw=password(@undefined);
|
|
name
|
|
drop table t1;
|
|
select password('abc');
|
|
password('abc')
|
|
*0D3CED9BEC10A777AEC23CCC353A8C08A633045E
|
|
select password('');
|
|
password('')
|
|
|
|
select old_password('abc');
|
|
old_password('abc')
|
|
7cd2b5942be28759
|
|
select old_password('');
|
|
old_password('')
|
|
|
|
select password('gabbagabbahey');
|
|
password('gabbagabbahey')
|
|
*B0F99D2963660DD7E16B751EC9EE2F17B6A68FA6
|
|
select old_password('idkfa');
|
|
old_password('idkfa')
|
|
5c078dc54ca0fcca
|
|
select length(password('1'));
|
|
length(password('1'))
|
|
41
|
|
select length(encrypt('test'));
|
|
length(encrypt('test'))
|
|
13
|
|
select encrypt('test','aa');
|
|
encrypt('test','aa')
|
|
aaqPiZY5xR5l.
|
|
select old_password(NULL);
|
|
old_password(NULL)
|
|
NULL
|
|
select password(NULL);
|
|
password(NULL)
|
|
NULL
|
|
set global old_passwords=on;
|
|
select password('');
|
|
password('')
|
|
|
|
select old_password('');
|
|
old_password('')
|
|
|
|
select password('idkfa');
|
|
password('idkfa')
|
|
*B669C9DAC3AA6F2254B03CDEF8DFDD6B2D1054BA
|
|
select old_password('idkfa');
|
|
old_password('idkfa')
|
|
5c078dc54ca0fcca
|
|
set old_passwords=on;
|
|
select password('idkfa');
|
|
password('idkfa')
|
|
5c078dc54ca0fcca
|
|
select old_password('idkfa');
|
|
old_password('idkfa')
|
|
5c078dc54ca0fcca
|
|
set global old_passwords=off;
|
|
select password('idkfa');
|
|
password('idkfa')
|
|
5c078dc54ca0fcca
|
|
select old_password('idkfa');
|
|
old_password('idkfa')
|
|
5c078dc54ca0fcca
|
|
set old_passwords=off;
|
|
select password('idkfa ');
|
|
password('idkfa ')
|
|
*2DC31D90647B4C1ABC9231563D2236E96C9A2DB2
|
|
select password('idkfa');
|
|
password('idkfa')
|
|
*B669C9DAC3AA6F2254B03CDEF8DFDD6B2D1054BA
|
|
select password(' idkfa');
|
|
password(' idkfa')
|
|
*12B099E56BB7FE8D43C78FD834A9D1D11178D045
|
|
select old_password('idkfa');
|
|
old_password('idkfa')
|
|
5c078dc54ca0fcca
|
|
select old_password(' i d k f a ');
|
|
old_password(' i d k f a ')
|
|
5c078dc54ca0fcca
|
|
explain extended select password('idkfa '), old_password('idkfa');
|
|
id select_type table type possible_keys key key_len ref rows Extra
|
|
1 SIMPLE NULL NULL NULL NULL NULL NULL NULL No tables used
|
|
Warnings:
|
|
Note 1003 select password(_latin1'idkfa ') AS `password('idkfa ')`,old_password(_latin1'idkfa') AS `old_password('idkfa')`
|
|
select encrypt('1234','_.');
|
|
encrypt('1234','_.')
|
|
#
|
|
#
|
|
# Bug #44767: invalid memory reads in password() and old_password()
|
|
# functions
|
|
#
|
|
CREATE TABLE t1(c1 MEDIUMBLOB);
|
|
INSERT INTO t1 VALUES (REPEAT('a', 1024));
|
|
SELECT OLD_PASSWORD(c1), PASSWORD(c1) FROM t1;
|
|
OLD_PASSWORD(c1) PASSWORD(c1)
|
|
77023ffe214c04ff *82E58A2C08AAFE72C8EB523069CD8ADB33F78F58
|
|
DROP TABLE t1;
|
|
End of 5.0 tests
|