MDEV-19882 pam v2: auth_pam_tool truncates passwords that are not null-terminated

vuvova · vuvova · commit dadc53ff0b32 · 2019-10-28T19:45:43.000+01:00
Don't assume that passwords (and other conv replies) are zero-terminated.
If they are, though, strndup() down below will take care of that.
diff --git a/plugin/auth_pam/auth_pam_tool.c b/plugin/auth_pam/auth_pam_tool.c
@@ -33,7 +33,7 @@ static int roundtrip(struct param *param, const unsigned char *buf,
   if (write(1, &b, 1) < 1 || write_string(1, buf, buf_len))
     return -1;
   *pkt= (unsigned char *) param->buf;
-  return read_string(0, (char *) param->buf, (int) sizeof(param->buf)) - 1;
+  return read_string(0, (char *) param->buf, (int) sizeof(param->buf));
 }
 
 typedef struct st_mysql_server_auth_info

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ static int roundtrip(struct param param, const unsigned char buf,`
`33`	`33`	`if (write(1, &b, 1) < 1 \|\| write_string(1, buf, buf_len))`
`34`	`34`	`return -1;`
`35`	`35`	`pkt= (unsigned char ) param->buf;`
`36`		`- return read_string(0, (char *) param->buf, (int) sizeof(param->buf)) - 1;`
	`36`	`+ return read_string(0, (char *) param->buf, (int) sizeof(param->buf));`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`typedef struct st_mysql_server_auth_info`