>>>>> "David" == David E Storey <dave@stripped> writes:
David> Monty,
David> I noticed that you had sent a patch for the password exploit to bugraq.
David> This is great, but do you have an "official" patch for those of us
David> running production versions of MySQL? (3.22.x?) The first two hunks
David> patch nicely, but the last one is a bit perplexing to me and I can't
David> find where it could apply.
David> Any help you could render would be GREATLY appreciated.
Sorry about that:
I am just building a 3.22.x release which will include this patch and
I hoped to get this released before the thing to bugraq was posted...
Anyway, here is the patch for 3.22.x (Should work with most versions)
*** /my/monty/master/mysql-3.22.29/sql/sql_parse.cc Tue Dec 28 05:41:06 1999
--- ./sql_parse.cc Wed Feb 9 16:09:32 2000
***************
*** 17,22 ****
--- 17,24 ----
#include <m_ctype.h>
#include <thr_alarm.h>
+ #define SCRAMBLE_LENGTH 8
+
extern int yyparse(void);
extern "C" pthread_mutex_t THR_LOCK_keycache;
***************
*** 127,134 ****
end=strmov(buff,server_version)+1;
int4store((uchar*) end,thd->thread_id);
end+=4;
! memcpy(end,thd->scramble,9);
! end+=9;
#ifdef HAVE_COMPRESS
int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
#else
--- 129,136 ----
end=strmov(buff,server_version)+1;
int4store((uchar*) end,thd->thread_id);
end+=4;
! memcpy(end,thd->scramble,SCRAMBLE_LENGTH+1);
! end+=SCRAMBLE_LENGTH+1;
#ifdef HAVE_COMPRESS
int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
#else
***************
*** 153,158 ****
--- 155,162 ----
if (!(thd->user = my_strdup((char*) net->read_pos+5, MYF(MY_FAE))))
return(ER_OUT_OF_RESOURCES);
char *passwd= strend((char*) net->read_pos+5)+1;
+ if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)
+ return ER_HANDSHAKE_ERROR;
thd->master_access=acl_getroot(thd->host, thd->ip, thd->user,
passwd, thd->scramble, &thd->priv_user,
protocol_version == 9 ||
Regards,
Monty
| Thread |
|---|
| • MySQL Patch | Michael Widenius | 11 Feb |
