Commit:    4c9e222f99731a851e20c6c0972246d079719095
Author:    Andrey Hristov <and...@php.net>         Wed, 3 Oct 2012 14:02:33 
+0200
Parents:   5a385487c2dbf6a49b0edb140f9cb33c1f7299a1
Branches:  master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=4c9e222f99731a851e20c6c0972246d079719095

Log:
If SSL has been switched on, transmit the password in clear text

Changed paths:
  M  ext/mysqlnd/mysqlnd.c
  M  ext/mysqlnd/mysqlnd_auth.c
  M  ext/mysqlnd/mysqlnd_net.c
  M  ext/mysqlnd/mysqlnd_structs.h


Diff:
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index 557924c..f5fe075 100644
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -874,6 +874,9 @@ MYSQLND_METHOD(mysqlnd_conn_data, 
connect)(MYSQLND_CONN_DATA * conn,
                        saved_compression = TRUE;
                        net->data->compressed = FALSE;
                }
+               if (net->data->ssl) {
+                       net->data->ssl = FALSE;
+               }
        } else {
                unsigned int max_allowed_size = 
MYSQLND_ASSEMBLED_PACKET_MAX_SIZE;
                conn->m->set_client_option(conn, 
MYSQLND_OPT_MAX_ALLOWED_PACKET, (char *)&max_allowed_size TSRMLS_CC);
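Review bot: The added `if (net->data->ssl)` guard around `net->data->ssl = FALSE;` is redundant, and nothing in the hunk says why the flag is cleared here. The sha256 auth plugin changed in this same commit sends the password in clear text whenever this flag is TRUE, so a stale TRUE carried over from an earlier connection would matter on this path. I would make the reset unconditional and explain it, e.g. `net->data->ssl = FALSE; /* new stream is plain text until enable_ssl() succeeds again */`. The enclosing branch starts outside the hunk, so I am assuming this is the path that reuses an existing connection object.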
diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
index 72b2532..f2c5adc 100644
--- a/ext/mysqlnd/mysqlnd_auth.c
+++ b/ext/mysqlnd/mysqlnd_auth.c
@@ -579,33 +579,40 @@ mysqlnd_sha256_auth_get_auth_data(struct 
st_mysqlnd_authentication_plugin * self
        DBG_ENTER("mysqlnd_sha256_auth_get_auth_data");
        DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, 
auth_plugin_data_len, auth_plugin_data);
 
-       *auth_data_len = 0;
-
-       server_public_key = mysqlnd_sha256_get_rsa_key(conn, options, 
net_options TSRMLS_CC);
 
-       if (server_public_key) {
-               int server_public_key_len;
-               char xor_str[passwd_len + 1];
-               memcpy(xor_str, passwd, passwd_len);
-               xor_str[passwd_len] = '\0';
-               mysqlnd_xor_string(xor_str, passwd_len, (char *) 
auth_plugin_data, auth_plugin_data_len);
+       if (conn->net->data->ssl) {
+               /* clear text under SSL */
+               *auth_data_len = passwd_len;
+               ret = malloc(passwd_len);
+               memcpy(ret, passwd, passwd_len);
+       } else {
+               *auth_data_len = 0;
+               server_public_key = mysqlnd_sha256_get_rsa_key(conn, options, 
net_options TSRMLS_CC);
+
+               if (server_public_key) {
+                       int server_public_key_len;
+                       char xor_str[passwd_len + 1];
+                       memcpy(xor_str, passwd, passwd_len);
+                       xor_str[passwd_len] = '\0';
+                       mysqlnd_xor_string(xor_str, passwd_len, (char *) 
auth_plugin_data, auth_plugin_data_len);
+
+                       server_public_key_len = RSA_size(server_public_key);
+                       /*
+                         Because RSA_PKCS1_OAEP_PADDING is used there is a 
restriction on the passwd_len.
+                         RSA_PKCS1_OAEP_PADDING is recommended for new 
applications. See more here:
+                         
http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
+                       */
+                       if ((size_t) server_public_key_len - 41 <= passwd_len) {
+                               /* password message is to long */
+                               SET_CLIENT_ERROR(*conn->error_info, 
CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
+                               DBG_ERR("password is too long");
+                               DBG_RETURN(NULL);
+                       }
 
-               server_public_key_len = RSA_size(server_public_key);
-               /*
-                 Because RSA_PKCS1_OAEP_PADDING is used there is a restriction 
on the passwd_len.
-                 RSA_PKCS1_OAEP_PADDING is recommended for new applications. 
See more here:
-                 http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
-               */
-               if ((size_t) server_public_key_len - 41 <= passwd_len) {
-                       /* password message is to long */
-                       SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, 
UNKNOWN_SQLSTATE, "password is too long");
-                       DBG_ERR("password is too long");
-                       DBG_RETURN(NULL);
+                       *auth_data_len = server_public_key_len;
+                       ret = malloc(*auth_data_len);
+                       RSA_public_encrypt(passwd_len + 1, (zend_uchar *) 
xor_str, ret, server_public_key, RSA_PKCS1_OAEP_PADDING);
                }
-
-               *auth_data_len = server_public_key_len;
-               ret = malloc(*auth_data_len);
-               RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, ret, 
server_public_key, RSA_PKCS1_OAEP_PADDING);
        }
 
        DBG_RETURN(ret);
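Review bot: In the new SSL branch, `ret = malloc(passwd_len);` is followed directly by `memcpy(ret, passwd, passwd_len);` with no NULL check, so an allocation failure passes a null pointer to memcpy. `*auth_data_len` is also assigned before the allocation, which would leave a non-zero length next to a NULL result. I would allocate first, bail out with `if (!ret) { DBG_RETURN(NULL); }` (setting a client error as the "password is too long" path does), and only then set `*auth_data_len = passwd_len;`. The re-indented RSA branch has the same unchecked `malloc(*auth_data_len)` and ignores the return value of `RSA_public_encrypt`, which is -1 on failure. The function begins outside the hunk, so the declaration and initial value of `ret` are not visible here.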
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index b3d9744..4f55ddb 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -908,6 +908,7 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const 
net TSRMLS_DC)
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot connect to 
MySQL by using SSL");
                DBG_RETURN(FAIL);
        }
+       net->data->ssl = TRUE;
        /*
          get rid of the context. we are persistent and if this is a real pconn 
used by mysql/mysqli,
          then the context would not survive cleaning of EG(regular_list), 
where it is registered, as a
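Review bot: `net->data->ssl = TRUE;` records only that the crypto layer was enabled on the stream; the hunk does not show whether the peer certificate was verified before this point. With this commit the flag decides whether the sha256 plugin sends the password in clear text, so that distinction is worth stating at the assignment, e.g. `/* handshake done; sha256 auth will now send the password unencrypted inside the TLS channel */`. If peer verification is optional in the part of enable_ssl outside this hunk, it may be worth considering whether the clear-text path should depend on it as well.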
diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
index 16092e9..7f512b7 100644
--- a/ext/mysqlnd/mysqlnd_structs.h
+++ b/ext/mysqlnd/mysqlnd_structs.h
@@ -797,6 +797,7 @@ struct st_mysqlnd_net_data
 {
        php_stream                      *stream;
        zend_bool                       compressed;
+       zend_bool                       ssl;
 #ifdef MYSQLND_DO_WIRE_CHECK_BEFORE_COMMAND
        zend_uchar                      last_command;
 #else
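Review bot: The new `zend_bool ssl;` member has no comment, although other files in this commit set and clear it and the auth plugin branches on it. A one-line note on the field would give future readers the invariant, e.g. `zend_bool ssl; /* TRUE only after enable_ssl() succeeded on the current stream; reset on reconnect */`. The struct continues outside the hunk, so I cannot see whether neighbouring members follow a comment convention.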

