mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
if ssl has been switched on transmit clear-text password
This commit is contained in:
parent
5a385487c2
commit
4c9e222f99
@ -874,6 +874,9 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect)(MYSQLND_CONN_DATA * conn,
|
||||
saved_compression = TRUE;
|
||||
net->data->compressed = FALSE;
|
||||
}
|
||||
if (net->data->ssl) {
|
||||
net->data->ssl = FALSE;
|
||||
}
|
||||
} else {
|
||||
unsigned int max_allowed_size = MYSQLND_ASSEMBLED_PACKET_MAX_SIZE;
|
||||
conn->m->set_client_option(conn, MYSQLND_OPT_MAX_ALLOWED_PACKET, (char *)&max_allowed_size TSRMLS_CC);
|
||||
|
@ -579,33 +579,40 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
|
||||
DBG_ENTER("mysqlnd_sha256_auth_get_auth_data");
|
||||
DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, auth_plugin_data_len, auth_plugin_data);
|
||||
|
||||
*auth_data_len = 0;
|
||||
|
||||
server_public_key = mysqlnd_sha256_get_rsa_key(conn, options, net_options TSRMLS_CC);
|
||||
if (conn->net->data->ssl) {
|
||||
/* clear text under SSL */
|
||||
*auth_data_len = passwd_len;
|
||||
ret = malloc(passwd_len);
|
||||
memcpy(ret, passwd, passwd_len);
|
||||
} else {
|
||||
*auth_data_len = 0;
|
||||
server_public_key = mysqlnd_sha256_get_rsa_key(conn, options, net_options TSRMLS_CC);
|
||||
|
||||
if (server_public_key) {
|
||||
int server_public_key_len;
|
||||
char xor_str[passwd_len + 1];
|
||||
memcpy(xor_str, passwd, passwd_len);
|
||||
xor_str[passwd_len] = '\0';
|
||||
mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
|
||||
if (server_public_key) {
|
||||
int server_public_key_len;
|
||||
char xor_str[passwd_len + 1];
|
||||
memcpy(xor_str, passwd, passwd_len);
|
||||
xor_str[passwd_len] = '\0';
|
||||
mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
|
||||
|
||||
server_public_key_len = RSA_size(server_public_key);
|
||||
/*
|
||||
Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len.
|
||||
RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here:
|
||||
http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
|
||||
*/
|
||||
if ((size_t) server_public_key_len - 41 <= passwd_len) {
|
||||
/* password message is to long */
|
||||
SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
|
||||
DBG_ERR("password is too long");
|
||||
DBG_RETURN(NULL);
|
||||
server_public_key_len = RSA_size(server_public_key);
|
||||
/*
|
||||
Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len.
|
||||
RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here:
|
||||
http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
|
||||
*/
|
||||
if ((size_t) server_public_key_len - 41 <= passwd_len) {
|
||||
/* password message is to long */
|
||||
SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
|
||||
DBG_ERR("password is too long");
|
||||
DBG_RETURN(NULL);
|
||||
}
|
||||
|
||||
*auth_data_len = server_public_key_len;
|
||||
ret = malloc(*auth_data_len);
|
||||
RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, ret, server_public_key, RSA_PKCS1_OAEP_PADDING);
|
||||
}
|
||||
|
||||
*auth_data_len = server_public_key_len;
|
||||
ret = malloc(*auth_data_len);
|
||||
RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, ret, server_public_key, RSA_PKCS1_OAEP_PADDING);
|
||||
}
|
||||
|
||||
DBG_RETURN(ret);
|
||||
|
@ -908,6 +908,7 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot connect to MySQL by using SSL");
|
||||
DBG_RETURN(FAIL);
|
||||
}
|
||||
net->data->ssl = TRUE;
|
||||
/*
|
||||
get rid of the context. we are persistent and if this is a real pconn used by mysql/mysqli,
|
||||
then the context would not survive cleaning of EG(regular_list), where it is registered, as a
|
||||
|
@ -797,6 +797,7 @@ struct st_mysqlnd_net_data
|
||||
{
|
||||
php_stream *stream;
|
||||
zend_bool compressed;
|
||||
zend_bool ssl;
|
||||
#ifdef MYSQLND_DO_WIRE_CHECK_BEFORE_COMMAND
|
||||
zend_uchar last_command;
|
||||
#else
|
||||
|
Loading…
Reference in New Issue
Block a user