From: Andrey Hristov
Date: Wed, 30 Nov 2011 17:20:25 +0000 (+0000)
Subject: Don't write more data than the protocol can grok or the server will
X-Git-Tag: php-5.5.0alpha1~798
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b9bb138017b55693584571ca61ca606ac78b656d;p=php
Don't write more data than the protocol can grok or the server will be confused. This comes without a test because the server needs to be a non-community one with closed source PAM plugin loaded.
---
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 613514ff65..92b5d9e50b 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -496,6 +496,14 @@ size_t php_mysqlnd_auth_write(void * _packet, MYSQLND_CONN_DATA * conn TSRMLS_DC
 if (packet->auth_data == NULL) {
 packet->auth_data_len = 0;
 }
+ if (packet->auth_data_len > 0xFF) {
+ const char * const msg = "Authentication data too long. "
+ "Won't fit into the buffer and will be truncated. Authentication will thus fail";
+ SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+ DBG_RETURN(0);
+ }
+
 int1store(p, packet->auth_data_len);
 ++p;
 /*!!!!! is the buffer big enough ??? */
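Review bot: The new `packet->auth_data_len > 0xFF` guard only ensures the length fits the single byte written by `int1store`; it does not show that up to 255 bytes of auth data still fit in the output buffer, which is what the retained comment `/*!!!!! is the buffer big enough ??? */` on the hunk's last line asks. The copy that follows is outside the hunk (php_mysqlnd_auth_write starts and ends beyond it), so whether it is bounded cannot be confirmed from here. A check of `packet->auth_data_len` against the space remaining after `p`, placed before that copy, would settle the question and let the comment go. The warning text is also misleading: it says the data "will be truncated", but the code returns 0 before anything is written. Finally, `msg` is passed as the format argument, so `php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);` would keep the call safe if the text ever gains a `%`.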