andrey Wed, 30 Nov 2011 17:20:25 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=320201
Log: Don't write more data than the protocol can grok or the server will be confused. This comes without a test because the server needs to be a non-community one with closed source PAM plugin loaded. Changed paths: U php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c U php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c Modified: php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c 2011-11-30 15:59:24 UTC (rev 320200) +++ php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_wireprotocol.c 2011-11-30 17:20:25 UTC (rev 320201) @@ -496,6 +496,14 @@ if (packet->auth_data == NULL) { packet->auth_data_len = 0; } + if (packet->auth_data_len > 0xFF) { + const char * const msg = "Authentication data too long. " + "Won't fit into the buffer and will be truncated. Authentication will thus fail"; + SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg); + php_error_docref(NULL TSRMLS_CC, E_WARNING, msg); + DBG_RETURN(0); + } + int1store(p, packet->auth_data_len); ++p; /*!!!!! is the buffer big enough ??? */ Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c =================================================================== --- php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c 2011-11-30 15:59:24 UTC (rev 320200) +++ php/php-src/trunk/ext/mysqlnd/mysqlnd_wireprotocol.c 2011-11-30 17:20:25 UTC (rev 320201) @@ -496,6 +496,14 @@ if (packet->auth_data == NULL) { packet->auth_data_len = 0; } + if (packet->auth_data_len > 0xFF) { + const char * const msg = "Authentication data too long. " + "Won't fit into the buffer and will be truncated. Authentication will thus fail"; + SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg); + php_error_docref(NULL TSRMLS_CC, E_WARNING, msg); + DBG_RETURN(0); + } + int1store(p, packet->auth_data_len); ++p; /*!!!!! is the buffer big enough ??? */
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php