List:General Discussion« Previous MessageNext Message »
From:Michael Widenius Date:February 10 2000 11:27pm
Subject:[Fwd: mysql vulnerability]
View as plain text  
>>>>> "sasha" == sasha  <sasha@stripped> writes:

sasha> Will the patch you posted for 3.23 work for the latest 3.22?
sasha> -- 
sasha> Sasha Pachev

Almost :( (The same idea works, but one will get one reject for the patch)

Here is the patch for 3.22:

*** /my/monty/master/mysql-3.22.29/sql/sql_parse.cc	Tue Dec 28 05:41:06 1999
--- ./sql_parse.cc	Wed Feb  9 16:09:32 2000
***************
*** 17,22 ****
--- 17,24 ----
  #include <m_ctype.h>
  #include <thr_alarm.h>
  
+ #define SCRAMBLE_LENGTH 8
+ 
  extern int yyparse(void);
  extern "C" pthread_mutex_t THR_LOCK_keycache;
  
***************
*** 127,134 ****
      end=strmov(buff,server_version)+1;
      int4store((uchar*) end,thd->thread_id);
      end+=4;
!     memcpy(end,thd->scramble,9);
!     end+=9;
  #ifdef HAVE_COMPRESS
      int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
  #else
--- 129,136 ----
      end=strmov(buff,server_version)+1;
      int4store((uchar*) end,thd->thread_id);
      end+=4;
!     memcpy(end,thd->scramble,SCRAMBLE_LENGTH+1);
!     end+=SCRAMBLE_LENGTH+1;
  #ifdef HAVE_COMPRESS
      int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
  #else
***************
*** 153,158 ****
--- 155,162 ----
    if (!(thd->user = my_strdup((char*) net->read_pos+5, MYF(MY_FAE))))
      return(ER_OUT_OF_RESOURCES);
    char *passwd= strend((char*) net->read_pos+5)+1;
+   if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)
+     return ER_HANDSHAKE_ERROR;
    thd->master_access=acl_getroot(thd->host, thd->ip, thd->user,
  				 passwd, thd->scramble, &thd->priv_user,
  				 protocol_version == 9 ||

Regards,
Monty
Thread
[Fwd: mysql vulnerability]Michael Widenius11 Feb