The Wayback Machine - https://web.archive.org/web/20201020112136/https://github.com/go-sql-driver/mysql/pull/887
Skip to content

/ mysql

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Auth Resnponse packet when cleartext is used #887

Merged
merged 4 commits into from Nov 13, 2018
Merged

Fix Auth Resnponse packet when cleartext is used #887

merged 4 commits into from Nov 13, 2018

Conversation

@methane
Copy link
Member

@methane methane commented Oct 30, 2018
edited

Fixes #884

Description

NUL shouldn't be after string[n] auth-response. It breaks following string[NUL] database.

https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::HandshakeResponse41

So n should contain trailing NUL byte.

I confirmed cleartext is used in sha256_password. I can't confirm cleartext password.
Especially, there are no way to enable fast cleartext password in MySQL 5.7 and 8.0.
(default-authenticate-plugin can't be "cleartext_password".)

Checklist

  • Code compiles correctly
  • Created tests which fail without the change (if possible)
  • All tests passing
  • Extended the README / documentation, if necessary
  • Added myself / the copyright holder to the AUTHORS file
methane added 2 commits Oct 30, 2018
@methane
Fix Auth Resnponse packet when addNUL is true
Loading status checks…
1dc3cd1 
Fixes #884
@methane
Remove addNUL
Loading status checks…
c3870b2
@methane methane changed the title [wip] Fix Auth Resnponse packet when addNUL is true Fix Auth Resnponse packet when cleartext is used Oct 31, 2018
@methane
Copy link
Member Author

@methane methane commented Oct 31, 2018

One problem is what should be returned for empty password: empty string or one byte NUL.

Whan I tested with sha256_password (which returns cleartext when secure connection), one byte NUL is required. I suppose cleartext password plugin is same.
@methane methane requested a review from julienschmidt Oct 31, 2018
@methane methane force-pushed the methane:fix-884 branch from ecaef0b to c3b9ee9 Oct 31, 2018
@methane
Fix tests
Loading status checks…
5c20701
@methane methane force-pushed the methane:fix-884 branch from c3b9ee9 to 5c20701 Oct 31, 2018
@julienschmidt
julienschmidt reviewed Oct 31, 2018
View changes
Copy link
Member

@julienschmidt julienschmidt left a comment

Why did you remove the addNUL?
It's there to avoid an allocation for a return value which is just copied again afterwards anyway.
@julienschmidt
julienschmidt reviewed Oct 31, 2018
View changes
auth_test.go Show resolved Hide resolved
@julienschmidt julienschmidt added this to the v1.4.1 milestone Oct 31, 2018
@julienschmidt julienschmidt added the bug label Oct 31, 2018
@methane
Copy link
Member Author

@methane methane commented Nov 1, 2018

Why did you remove the addNUL?
It's there to avoid an allocation for a return value which is just copied again afterwards anyway.

Because I thought it's there to add NUL after string[n]. And appending it after n bytes was the bug.

I think both of []bytes(mc.cfg.Passwd) and append([]bytes(mc.cfg.Passwd), 0) are allocate once.

Anyway, code around addNUL looks ugly, and this code is used only for authentication, not query.
So performance difference should be ignorable.
@methane
Check writtenAuthRespLen in tests.
Loading status checks…
1a067ba
@methane methane mentioned this pull request Nov 11, 2018
Closed
@julienschmidt
julienschmidt approved these changes Nov 12, 2018
View changes
@methane methane merged commit 369b5d6 into go-sql-driver:master Nov 13, 2018
3 checks passed
3 checks passed
WIP Ready for review
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
coverage/coveralls Coverage increased (+0.04%) to 79.807%
Details
@methane methane deleted the methane:fix-884 branch Nov 13, 2018
@jpeirson
Copy link

@jpeirson jpeirson commented Nov 13, 2018

I can confirm that the fixes in 369b5d6 fix the issue I was having.
julienschmidt added a commit that referenced this pull request Nov 14, 2018
@methane @julienschmidt
Fix Auth Resnponse packet for cleartext password (#887)
Loading status checks…
fb9c42f 
Trailing NUL char should be in `string[n] auth-response`.
But NUL was after auth-response.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug
3 participants
@methane @jpeirson @julienschmidt
You can’t perform that action at this time.