From: Johannes Schlüter Date: Tue, 20 Feb 2018 22:13:03 +0000 (+0100) Subject: Fix negotiaton of MySQL auth plugin X-Git-Tag: php-7.2.4RC1~54^2^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8f3c29aee1aefe4f3fa61a53f59d8ae4c95c5667;p=php Fix negotiaton of MySQL auth plugin --- diff --git a/NEWS b/NEWS index 7a240b3926..a69c4a2f6c 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,9 @@ PHP NEWS . Fixed bug #75579 (Interned strings buffer overflow may cause crash). (Dmitry) +- myslqnd + . Fixed negotiaton of MySQL authenticaton plugin. (Johannes) + - PCRE: . Fixed bug #74183 (preg_last_error not returning error code after error). (Andrew Nester) diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c index 40ca48e3f4..ef138f8bfd 100644 --- a/ext/mysqlnd/mysqlnd.c +++ b/ext/mysqlnd/mysqlnd.c @@ -596,11 +596,15 @@ mysqlnd_run_authentication( struct st_mysqlnd_authentication_plugin * auth_plugin = conn->m->fetch_auth_plugin_by_name(requested_protocol); if (!auth_plugin) { - php_error_docref(NULL, E_WARNING, "The server requested authentication method unknown to the client [%s]", requested_protocol); - SET_CLIENT_ERROR(*conn->error_info, CR_NOT_IMPLEMENTED, UNKNOWN_SQLSTATE, "The server requested authentication method unknown to the client"); - goto end; + if (first_call) { + mnd_pefree(requested_protocol, FALSE); + requested_protocol = mnd_pestrdup(MYSQLND_DEFAULT_AUTH_PROTOCOL, FALSE); + } else { + php_error_docref(NULL, E_WARNING, "The server requested authentication method unknown to the client [%s]", requested_protocol); + SET_CLIENT_ERROR(*conn->error_info, CR_NOT_IMPLEMENTED, UNKNOWN_SQLSTATE, "The server requested authentication method unknown to the client"); + goto end; + } } - DBG_INF("plugin found"); { zend_uchar * switch_to_auth_protocol_data = NULL; @@ -625,9 +629,12 @@ mysqlnd_run_authentication( DBG_INF_FMT("salt(%d)=[%.*s]", plugin_data_len, plugin_data_len, plugin_data); /* The data should be allocated with malloc() */ - scrambled_data = - auth_plugin->methods.get_auth_data(NULL, &scrambled_data_len, conn, user, passwd, passwd_len, - plugin_data, plugin_data_len, options, &conn->net->data->options, mysql_flags); + if (auth_plugin) { + scrambled_data = + auth_plugin->methods.get_auth_data(NULL, &scrambled_data_len, conn, user, passwd, passwd_len, + plugin_data, plugin_data_len, options, &conn->net->data->options, mysql_flags); + } + if (conn->error_info->error_no) { goto end; }