Re: [Maria-developers] f9f290b: MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when using cracklib plugin
Hi, Nirbhay!
On Mar 31, Nirbhay Choubey wrote:
revision-id: f9f290b6828eeb57cba611d006d2a9301dc52244 (mariadb-10.1.13-3-gf9f290b)
parent(s): f4d5fe277599da4549c97c660f324c88cf9a2542
author: Nirbhay Choubey
committer: Nirbhay Choubey
timestamp: 2016-03-31 18:03:44 -0400
message:
MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when using cracklib plugin
Add a check for NULL password.
diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c index c593173..c192cdf 100644 --- a/plugin/cracklib_password_check/cracklib_password_check.c +++ b/plugin/cracklib_password_check/cracklib_password_check.c @@ -33,7 +33,8 @@ static int crackme(MYSQL_LEX_STRING *username, MYSQL_LEX_STRING *password) if ((host= strchr(user, '@'))) *host++= 0;
- if ((res= FascistCheckUser(password->str, dictionary, user, host))) + if ((password->str == NULL) || // No password + (res= FascistCheckUser(password->str, dictionary, user, host))) { my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s", MYF(ME_JUST_WARNING), res);
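Review bot: In the new condition, when password->str == NULL the || short-circuits and res is never assigned, yet the block that follows still passes res to the "cracklib: %s" format in my_printf_error. Unless res is initialised above the visible context, the NULL-password path formats an indeterminate pointer. Handle the no-password case in its own branch, or assign res a fixed message before the test, so the warning text is defined on both paths.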
You forgot to fix the simple_password_check plugin. And if all plugins need to do the same check - it's a strong indication that this should've been done in the server. So, please, fix this in sql_acl.cc instead. Like this:
- struct validation_data data= { &user->user, &user->pwtext }; + struct validation_data data= { &user->user, user->pwtext.str ? &user->pwtext : &empy_lex_str };
Ok to push with this fix and your test case.
Regards, Sergei
Chief Architect MariaDB
and security@mariadb.org
Hello Serg,
On Fri, Apr 29, 2016 at 8:20 AM, Sergei Golubchik <serg@mariadb.org> wrote:
Hi, Nirbhay!
On Mar 31, Nirbhay Choubey wrote:
revision-id: f9f290b6828eeb57cba611d006d2a9301dc52244 (mariadb-10.1.13-3-gf9f290b)
parent(s): f4d5fe277599da4549c97c660f324c88cf9a2542
author: Nirbhay Choubey
committer: Nirbhay Choubey
timestamp: 2016-03-31 18:03:44 -0400
message:
MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when using cracklib plugin
Add a check for NULL password.
diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c index c593173..c192cdf 100644 --- a/plugin/cracklib_password_check/cracklib_password_check.c +++ b/plugin/cracklib_password_check/cracklib_password_check.c @@ -33,7 +33,8 @@ static int crackme(MYSQL_LEX_STRING *username, MYSQL_LEX_STRING *password) if ((host= strchr(user, '@'))) *host++= 0;
- if ((res= FascistCheckUser(password->str, dictionary, user, host))) + if ((password->str == NULL) || // No password + (res= FascistCheckUser(password->str, dictionary, user, host))) { my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s", MYF(ME_JUST_WARNING), res);
You forgot to fix the simple_password_check plugin.
simple_password_check plugin was immune indirectly because of the following check:
  if (strncmp(password->str, username->str, password->length) == 0)
    return 1;
And if all plugins need to do the same check - it's a strong indication that this should've been done in the server.
I agree.
So, please, fix this in sql_acl.cc instead. Like this:
- struct validation_data data= { &user->user, &user->pwtext }; + struct validation_data data= { &user->user, user->pwtext.str ? &user->pwtext : &empy_lex_str };
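Review bot: The identifier empy_lex_str on the added line reads like a misspelling of empty_lex_str; check it against the server's declaration, since the line only compiles if a symbol with exactly that spelling exists. The substitution is also keyed on user->pwtext.str alone, so the accompanying test case should exercise CREATE USER without an IDENTIFIED BY clause with each password validation plugin loaded, not only cracklib.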
Ok to push with this fix and your test case.
Done. Best, Nirbhay
Regards, Sergei Chief Architect MariaDB and security@mariadb.org
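The design point the thread settles on (normalise a missing password once in the server so that no plugin ever receives a NULL string) is sketched below as an added example; it is not MariaDB code. The type `lex_string`, the callback signature, both checker functions and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the server's string type and plugin callback. */
typedef struct { const char *str; size_t length; } lex_string;
typedef int (*password_check_fn)(const lex_string *user, const lex_string *pw);

static const lex_string empty_pw = { "", 0 };

/* Dereferences pw->str, as a dictionary-based checker does. */
static int min_length_check(const lex_string *user, const lex_string *pw)
{
  (void) user;
  return strlen(pw->str) < 8;   /* a NULL str here would be a crash */
}

/* Rejects a password identical to the user name. */
static int not_username_check(const lex_string *user, const lex_string *pw)
{
  return pw->length == user->length &&
         memcmp(pw->str, user->str, pw->length) == 0;
}

static const password_check_fn plugins[] = { min_length_check, not_username_check };

/* Server-side entry point: normalise once, then run every plugin.
   Returns 1 if any plugin rejects, 0 if all accept. */
static int validate_password(const lex_string *user, const lex_string *pw)
{
  const lex_string *safe_pw = (pw && pw->str) ? pw : &empty_pw;
  for (size_t i = 0; i < sizeof(plugins) / sizeof(plugins[0]); i++)
    if (plugins[i](user, safe_pw))
      return 1;
  return 0;
}

/* Constructed inputs: build the two strings and run validation.
   password == NULL models an account created without a password clause. */
static int check(const char *user, const char *password)
{
  lex_string u = { user, strlen(user) };
  lex_string p = { password, password ? strlen(password) : 0 };
  return validate_password(&u, &p);
}

int main(void)
{
  /* missing password is rejected cleanly; a long distinct password passes */
  return !(check("alice", NULL) == 1 && check("alice", "correct-horse-9") == 0);
}
```

Whether an empty password is rejected is left to each checker; the entry point only guarantees that the pointer they receive is valid.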
participants (2)
- Nirbhay Choubey
- Sergei Golubchik