>>>>> "sasha" == sasha <sasha@stripped> writes:
sasha> Will the patch you posted for 3.23 work for the latest 3.22?
sasha> --
sasha> Sasha Pachev
Almost :( (The same idea works, but one will get one reject for the patch)
Here is the patch for 3.22:
*** /my/monty/master/mysql-3.22.29/sql/sql_parse.cc Tue Dec 28 05:41:06 1999
--- ./sql_parse.cc Wed Feb 9 16:09:32 2000
***************
*** 17,22 ****
--- 17,24 ----
#include <m_ctype.h>
#include <thr_alarm.h>
+ #define SCRAMBLE_LENGTH 8
+
extern int yyparse(void);
extern "C" pthread_mutex_t THR_LOCK_keycache;
***************
*** 127,134 ****
end=strmov(buff,server_version)+1;
int4store((uchar*) end,thd->thread_id);
end+=4;
! memcpy(end,thd->scramble,9);
! end+=9;
#ifdef HAVE_COMPRESS
int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
#else
--- 129,136 ----
end=strmov(buff,server_version)+1;
int4store((uchar*) end,thd->thread_id);
end+=4;
! memcpy(end,thd->scramble,SCRAMBLE_LENGTH+1);
! end+=SCRAMBLE_LENGTH+1;
#ifdef HAVE_COMPRESS
int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
#else
***************
*** 153,158 ****
--- 155,162 ----
if (!(thd->user = my_strdup((char*) net->read_pos+5, MYF(MY_FAE))))
return(ER_OUT_OF_RESOURCES);
char *passwd= strend((char*) net->read_pos+5)+1;
+ if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)
+ return ER_HANDSHAKE_ERROR;
thd->master_access=acl_getroot(thd->host, thd->ip, thd->user,
passwd, thd->scramble, &thd->priv_user,
protocol_version == 9 ||
Regards,
Monty
| Thread |
|---|
| • [Fwd: mysql vulnerability] | Michael Widenius | 11 Feb |
