Bug#356064: Patch for bug 356064

To: 356064@bugs.debian.org
Cc: mpalmer@debian.org
Subject: Bug#356064: Patch for bug 356064
From: Dalibor Straka <dast@panelnet.cz>
Date: Thu, 24 Jan 2008 23:16:17 +0100
Message-id: <[🔎] 20080124221617.GA28743@panelnet.cz>
Reply-to: Dalibor Straka <dast@panelnet.cz>, 356064@bugs.debian.org

Hello,

i have a complex patch but the two simple thoughts were
1. char scrambled_passwd[32];
is wrong. make_scrambled_passwd returns octet2hex which is longer
according to mysql sources:
buf       OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string

2. the hash itself changed between MySQL versions

Here is the simple patch without my macros, debug and so on...
-- Dalibor Straka

--- mod_auth_mysql.c    2008-01-24 23:06:26.000000000 +0100
+++ /tmp/mod_auth_mysql.c       2008-01-24 23:07:52.000000000 +0100
@@ -230,9 +230,14 @@
 
 static int check_mysql_encryption(const char *passwd, char *enc_passwd)
 {
-       char scrambled_passwd[32];
+
+       char scrambled_passwd[2 * 0x20 + 2];
 
-       make_scrambled_password(scrambled_passwd, passwd);
+       if (strlen(enc_passwd) == 16)
+               make_scrambled_password_323(scrambled_passwd, passwd);
+       else
+               make_scrambled_password(scrambled_passwd, passwd);
+
        return (!strcmp(scrambled_passwd, enc_passwd));
 }

Reply to:

Prev by Date: Processed: your mail
Next by Date: Processed: asdf
Previous by thread: Processed: severity of 453014 is normal
Next by thread: Processed: asdf
Index(es):
- Date
- Thread