Skip to content

Fix mysql_clear_password plugin on auth switch panic. #646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 21, 2017
Merged

Fix mysql_clear_password plugin on auth switch panic. #646

merged 1 commit into from
Aug 21, 2017

Conversation

elemount
Copy link
Contributor

Description

'mysql_clear_password' plugin on auth switch parse will panic on normal situation. To fix issue #636 , which is a bug by the code.

The root cause is that

auth string is "\xFEmysql_clear_password\x00auth_string", the auth_string is [string.EOF] so Aurora just send "\xFEmysql_clear_password\x00", this response is match the clear password protocol.

The bug of the driver is that it assume the auth_string is [string.NUL] or auth_string is not empty which ends with '\x00'. That assumption is not correct.

Checklist

  • Code compiles correctly
  • Created tests which fail without the change (if possible)
  • All tests passing
  • Extended the README / documentation, if necessary
  • Added myself / the copyright holder to the AUTHORS file

@freman
Copy link

freman commented Aug 19, 2017
edited
Loading

We literally just run into something very similar

				var cipher []byte
				if pluginEndIndex+1 < len(data) {
					cipher = data[pluginEndIndex+1:]
				}

Edit: Included for completeness, this is what AWS Aurora is spitting at us, which is why I added the if check

([]uint8) (len=22 cap=4092) {
 00000000  fe 6d 79 73 71 6c 5f 63  6c 65 61 72 5f 70 61 73  |.mysql_clear_pas|
 00000010  73 77 6f 72 64 00                                 |sword.|
}

julienschmidt
julienschmidt reviewed Aug 19, 2017
View reviewed changes
packets.go
@@ -495,7 +499,7 @@ func (mc *mysqlConn) readResultOK() ([]byte, error) {
if len(data) > 1 {
pluginEndIndex := bytes.IndexByte(data, 0x00)
plugin := string(data[1:pluginEndIndex])
cipher := data[pluginEndIndex+1 : len(data)-1]
cipher := data[pluginEndIndex+1:]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this still work if the mysql server appends 0x00?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@julienschmidt with all due respect to @elemount but with an eye on expediency (we've got a bunch devs hung up on this), would it be acceptable for me to re-submit this merge request with my changes which answers the question of the appended 0x00?

Copy link
Contributor Author

@elemount elemount Aug 21, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@julienschmidt , it depends how the protocol define. In protocol, the cipher is a string[EOF], and it must be string[EOF], string[NUL] is impossible, for the auth data(many times is a random salt) may contains the 0x00 inside, . So 0x00 must be the data which the auth plugin pass, so depends on the auth plugin itself to decide how to deal with it.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested it :D

https://play.golang.org/p/f2oGHOwj8H

@elemount fixes it, turns out my if is overkill :D

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My concern was if it breaks native password auth, since it changes the behavior introduced in #494.
But this is actually addressed in this PR by slicing the data to the specified size, so everything should be fine.

@julienschmidt julienschmidt added this to the v1.4 milestone Aug 21, 2017
@julienschmidt julienschmidt merged commit 21d7e97 into go-sql-driver:master Aug 21, 2017
nimakaviani pushed a commit to cloudfoundry-attic/mysql that referenced this pull request Aug 29, 2017
@elemount
Fix mysql_clear_password plugin on auth switch panic. (go-sql-drive…
50b949a 
…r#646)

Fixes go-sql-driver#636
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@freman freman freman left review comments

@julienschmidt julienschmidt julienschmidt approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
v1.4.0
Development

Successfully merging this pull request may close these issues.
3 participants
@elemount @freman @julienschmidt