From 5339613b17f2b91a7bb989b86763ddfe95a37f1b Mon Sep 17 00:00:00 2001 From: lishuode Date: Thu, 10 Aug 2017 07:32:09 +0000 Subject: [PATCH] Fix `mysql_clear_password` plugin on auth switch panic. --- packets.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/packets.go b/packets.go index 9715067c4..461fbed9f 100644 --- a/packets.go +++ b/packets.go @@ -352,7 +352,9 @@ func (mc *mysqlConn) writeAuthPacket(cipher []byte) error { // http://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::AuthSwitchResponse func (mc *mysqlConn) writeOldAuthPacket(cipher []byte) error { // User password - scrambleBuff := scrambleOldPassword(cipher, []byte(mc.cfg.Passwd)) + // https://dev.mysql.com/doc/internals/en/old-password-authentication.html + // Old password authentication only need and will need 8-byte challenge. + scrambleBuff := scrambleOldPassword(cipher[:8], []byte(mc.cfg.Passwd)) // Calculate the packet length and add a tailing 0 pktLen := len(scrambleBuff) + 1 @@ -392,7 +394,9 @@ func (mc *mysqlConn) writeClearAuthPacket() error { // Native password authentication method // http://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::AuthSwitchResponse func (mc *mysqlConn) writeNativeAuthPacket(cipher []byte) error { - scrambleBuff := scramblePassword(cipher, []byte(mc.cfg.Passwd)) + // https://dev.mysql.com/doc/internals/en/secure-password-authentication.html + // Native password authentication only need and will need 20-byte challenge. + scrambleBuff := scramblePassword(cipher[0:20], []byte(mc.cfg.Passwd)) // Calculate the packet length and add a tailing 0 pktLen := len(scrambleBuff) @@ -495,7 +499,7 @@ func (mc *mysqlConn) readResultOK() ([]byte, error) { if len(data) > 1 { pluginEndIndex := bytes.IndexByte(data, 0x00) plugin := string(data[1:pluginEndIndex]) - cipher := data[pluginEndIndex+1 : len(data)-1] + cipher := data[pluginEndIndex+1:] switch plugin { case "mysql_old_password":