Don't write more data than the protocol can grok or the server will
authorAndrey Hristov <andrey@php.net>
Wed, 30 Nov 2011 17:20:25 +0000 (17:20 +0000)
committerAndrey Hristov <andrey@php.net>
Wed, 30 Nov 2011 17:20:25 +0000 (17:20 +0000)
be confused. This comes without a test because the server needs to be
a non-community one with closed source PAM plugin loaded.

ext/mysqlnd/mysqlnd_wireprotocol.c

index 613514ff651a092ec92e3ddba69fdd8727beb6d9..92b5d9e50bec4c0d1576da9901355bf4ee365220 100644 (file)
@@ -496,6 +496,14 @@ size_t php_mysqlnd_auth_write(void * _packet, MYSQLND_CONN_DATA * conn TSRMLS_DC
                if (packet->auth_data == NULL) {
                        packet->auth_data_len = 0;
                }
+               if (packet->auth_data_len > 0xFF) {
+                       const char * const msg = "Authentication data too long. "
+                               "Won't fit into the buffer and will be truncated. Authentication will thus fail";
+                       SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+                       DBG_RETURN(0);
+               }               
+               
                int1store(p, packet->auth_data_len);
                ++p;
 /*!!!!! is the buffer big enough ??? */
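Review bot: The `auth_data_len > 0xFF` guard only ensures the length fits the single byte written by `int1store`; it does not answer the existing `/*!!!!! is the buffer big enough ??? */` question on the last line of the hunk, so up to 255 bytes of auth data can still follow without being compared to the space left after `p`. The copy itself lies outside the hunk, so this is inferred, but the same block should also reject the packet when `auth_data_len` exceeds the room remaining in the write buffer. Separately, `msg` is used as the format argument in `php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);`, which is harmless for this literal, but `php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);` keeps the call safe if the text ever gains a `%`. The message also says the data "will be truncated" while the code returns 0 before the auth data is written, so wording that says the packet was rejected would match the behaviour.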