That works for me.
Pushed first patch with above simple fix.
On Sat, Oct 31, 2020 at 4:45 AM Sergei Golubchik <s...@mariadb.org> wrote:
>
> Hi, Daniel!
>
> On Oct 26, Daniel Black wrote:
> > On Thu, Oct 22, 2020 at 8:25 PM Sergei Golubchik <s...@mariadb.org> wrote:
> > >
> > > Hi, Daniel!
> > >
> > > On Oct 22, Daniel Black wrote:
> > > > @@ -14539,6 +14539,12 @@ static int native_password_get_salt(const char
> > > > *hash, size_t hash_length,
> > > >
> > > > if (hash_length != SCRAMBLED_PASSWORD_CHAR_LENGTH)
> > > > {
> > > > + if (hash_length == 7 && strcmp(hash, "invalid") == 0)
> > > > + {
> > > > + memcpy(out, "invalid", 7);
> > > > + *out_length= 7;
> > > > + return 0;
> > > > + }
> > >
> > > okay. After you said ASAN, I think I can see why this could be
> > > problematic.
> > >
> > Updated:
>
> I don't see why you did it that complex with invalid_password and
> everything. It seems you could've fixed the ASAN error from your first
> patch with just
>
> @@ -14498,7 +14498,7 @@ static int
> native_password_authenticate(MYSQL_PLUGIN_VI>
> info->password_used= PASSWORD_USED_YES;
> if (pkt_len == SCRAMBLE_LENGTH)
> {
> - if (!info->auth_string_length)
> + if (info->auth_string_length != SCRAMBLE_LENGTH)
> DBUG_RETURN(CR_AUTH_USER_CREDENTIALS);
>
> if (check_scramble(pkt, thd->scramble, (uchar*)info->auth_string))
>
> Regards,
> Sergei
> VP of MariaDB Server Engineering
> and secur...@mariadb.org
_______________________________________________
Mailing list: https://launchpad.net/~maria-developers
Post to : maria-developers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~maria-developers
More help : https://help.launchpad.net/ListHelp
