From 0905ff2fe56fd09d51465ebb85af1d752c6c5ae8 Mon Sep 17 00:00:00 2001
From: Andrey Hristov
Date: Wed, 30 Nov 2011 17:20:25 +0000
Subject: [PATCH] Don't write more data than the protocol can grok or the server will be confused. This comes without a test because the server needs to be a non-community one with closed source PAM plugin loaded.
---
 ext/mysqlnd/mysqlnd_wireprotocol.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 613514ff651..92b5d9e50be 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -496,6 +496,14 @@ size_t php_mysqlnd_auth_write(void * _packet, MYSQLND_CONN_DATA * conn TSRMLS_DC
 if (packet->auth_data == NULL) {
 packet->auth_data_len = 0;
 }
+ if (packet->auth_data_len > 0xFF) {
+ const char * const msg = "Authentication data too long. "
+ "Won't fit into the buffer and will be truncated. Authentication will thus fail";
+ SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+ DBG_RETURN(0);
+ }
+
 int1store(p, packet->auth_data_len);
 ++p;
 /*!!!!! is the buffer big enough ??? */
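Review bot: The new `auth_data_len > 0xFF` guard only ensures the length fits the one-byte field written by `int1store`; it does not answer the `/*!!!!! is the buffer big enough ??? */` question left on the last context line. If the auth data is copied to `p` after this point (the rest of php_mysqlnd_auth_write is outside the hunk, so this is inferred), up to 255 bytes could still be written with no comparison against the space remaining in the destination buffer, so the same guard should also reject a length larger than what is left after `p`. Separately, `msg` is passed as the format argument; it is a literal with no conversions today, but `php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);` keeps that safe if the text ever changes. The message also says the data "will be truncated" although the function returns before writing anything, which will mislead whoever reads the warning in a log.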