diff options
| author |   Robin H. Johnson <robbat2@orbis-terrarum.net> | 2012-04-21 12:54:41 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@orbis-terrarum.net> | 2012-04-21 13:03:26 -0700 |
| commit | 7aa54c7d20620cbceeed24a65723d7d1c5a60bc4 (patch) | |
| tree | ca7b911ab2373626d6acae7d5681ed83f726b67f /07342_all_mysql_auth_bypass-5.5.22.patch | |
| parent | Forward-port a Percona patch. (diff) | |
| download | mysql-extras-7aa54c7d20620cbceeed24a65723d7d1c5a60bc4.tar.gz mysql-extras-7aa54c7d20620cbceeed24a65723d7d1c5a60bc4.tar.bz2 mysql-extras-7aa54c7d20620cbceeed24a65723d7d1c5a60bc4.zip | |
Fix auth bypass discovered by MontyProgram, already fix in last week's MariaDB releases.mysql-extras-20120421-2004Z
Diffstat (limited to '07342_all_mysql_auth_bypass-5.5.22.patch')
| -rw-r--r-- | 07342_all_mysql_auth_bypass-5.5.22.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/07342_all_mysql_auth_bypass-5.5.22.patch b/07342_all_mysql_auth_bypass-5.5.22.patch new file mode 100644 index 0000000..84e306a --- /dev/null +++ b/07342_all_mysql_auth_bypass-5.5.22.patch @@ -0,0 +1,17 @@ +Security bug http://bugs.mysql.com/bug.php?id=64884 +Already fixed in MariaDB 5.1.62+/5.5.23+ + +Depends on the result of check_scramble being cast to char directly. + +diff -Nuar mysql.orig/sql/password.c mysql/sql/password.c +--- mysql.orig/sql/password.c 2012-03-02 11:44:47.000000000 -0800 ++++ mysql/sql/password.c 2012-04-21 10:59:39.502744613 -0700 +@@ -531,7 +531,7 @@ + mysql_sha1_reset(&sha1_context); + mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE); + mysql_sha1_result(&sha1_context, hash_stage2_reassured); +- return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); ++ return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE)); + } + + |