blob: 84e306aa944addcfec7b4efeaf35c76023a32594 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Security bug http://bugs.mysql.com/bug.php?id=64884
Already fixed in MariaDB 5.1.62+/5.5.23+
Depends on the result of check_scramble being cast to char directly.
diff -Nuar mysql.orig/sql/password.c mysql/sql/password.c
--- mysql.orig/sql/password.c 2012-03-02 11:44:47.000000000 -0800
+++ mysql/sql/password.c 2012-04-21 10:59:39.502744613 -0700
@@ -531,7 +531,7 @@
mysql_sha1_reset(&sha1_context);
mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
mysql_sha1_result(&sha1_context, hash_stage2_reassured);
- return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
+ return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
}
|