List: General Discussion
From: Michael Widenius
Date: February 11 2000 12:18am
Subject: MySQL Patch
>>>>> "David" == David E Storey <dave@stripped> writes:

David> Monty,
David> I noticed that you had sent a patch for the password exploit to Bugtraq.
David> This is great, but do you have an "official" patch for those of us
David> running production versions of MySQL? (3.22.x?) The first two hunks
David> patch nicely, but the last one is a bit perplexing to me and I can't
David> find where it could apply.

David> Any help you could render would be GREATLY appreciated.

Sorry about that:

I am just building a 3.22.x release which will include this patch and
I hoped to get this released before the thing to Bugtraq was posted...

Anyway, here is the patch for 3.22.x (Should work with most versions)

*** /my/monty/master/mysql-3.22.29/sql/sql_parse.cc	Tue Dec 28 05:41:06 1999
--- ./sql_parse.cc	Wed Feb  9 16:09:32 2000
***************
*** 17,22 ****
--- 17,24 ----
  #include <m_ctype.h>
  #include <thr_alarm.h>
  
+ #define SCRAMBLE_LENGTH 8
+ 
  extern int yyparse(void);
  extern "C" pthread_mutex_t THR_LOCK_keycache;
  
***************
*** 127,134 ****
      end=strmov(buff,server_version)+1;
      int4store((uchar*) end,thd->thread_id);
      end+=4;
!     memcpy(end,thd->scramble,9);
!     end+=9;
  #ifdef HAVE_COMPRESS
      int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
  #else
--- 129,136 ----
      end=strmov(buff,server_version)+1;
      int4store((uchar*) end,thd->thread_id);
      end+=4;
!     memcpy(end,thd->scramble,SCRAMBLE_LENGTH+1);
!     end+=SCRAMBLE_LENGTH+1;
  #ifdef HAVE_COMPRESS
      int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
  #else
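Review bot: this hunk is behaviour-preserving, since `SCRAMBLE_LENGTH+1` is the same 9 bytes that were copied before, so its value is readability only; the `+1` should carry a comment that it covers the scramble's NUL terminator, which is part of the wire format the client depends on. Pairing the `memcpy` with an explicit note that `thd->scramble` holds exactly `SCRAMBLE_LENGTH+1` bytes would also make it obvious that changing the constant without resizing that buffer turns this copy into an over-read.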
***************
*** 153,158 ****
--- 155,162 ----
    if (!(thd->user = my_strdup((char*) net->read_pos+5, MYF(MY_FAE))))
      return(ER_OUT_OF_RESOURCES);
    char *passwd= strend((char*) net->read_pos+5)+1;
+   if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)
+     return ER_HANDSHAKE_ERROR;
    thd->master_access=acl_getroot(thd->host, thd->ip, thd->user,
  				 passwd, thd->scramble, &thd->priv_user,
  				 protocol_version == 9 ||
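Review bot: the added length check is the actual fix: a non-empty scrambled password must now be exactly `SCRAMBLE_LENGTH` bytes before it reaches `acl_getroot`, where previously a reply of any length was passed through. Two points. `strlen(passwd)` walks client-supplied bytes in `net->read_pos`, so it relies on the packet being NUL-terminated, the same assumption the existing `strend()` call on the line above already makes; if the read layer does not guarantee a terminator, the check should be done against the packet length instead. The empty password (`passwd[0] == 0`) is deliberately exempted so accounts without a password still connect; that is reasonable but deserves a comment, otherwise the condition reads as incomplete. On the question raised earlier about this hunk not applying to 3.22.x: the context that has to match is the `char *passwd= strend(...)` line and the `thd->master_access=acl_getroot(` call that follows it, and if those differ in a given tree the two `+` lines can be placed by hand immediately after `passwd` is computed and before `acl_getroot` is called.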

Regards,
Monty