File tree Expand file tree Collapse file tree 1 file changed +11
-3
lines changed Expand file tree Collapse file tree 1 file changed +11
-3
lines changed Original file line number Diff line number Diff line change @@ -174,10 +174,18 @@ func (mc *mysqlConn) readInitPacket() ([]byte, error) {
174174 // reserved (all [00]) [10 bytes]
175175 pos += 1 + 2 + 2 + 1 + 10
176176
177- // second part of the password cipher [12? bytes]
178- // The documentation is ambiguous about the length.
177+ // second part of the password cipher [mininum 13 bytes],
178+ // where len=MAX(13, length of auth-plugin-data - 8)
179+ //
180+ // The web documentation is ambiguous about the length. However,
181+ // according to mysql-5.7/sql/auth/sql_authentication.cc line 538,
182+ // the 13th byte is "\0 byte, terminating the second part of
183+ // a scramble". So the second part of the password cipher is
184+ // a NULL terminated string that's at least 13 bytes with the
185+ // last byte being NULL.
186+ //
179187 // The official Python library uses the fixed length 12
180- // which is not documented but seems to work .
188+ // which seems to work but technically could have a hidden bug .
181189 cipher = append (cipher , data [pos :pos + 12 ]... )
182190
183191 // TODO: Verify string termination
You can’t perform that action at this time.
0 commit comments