Handle empty password from broader set of MySQL clients #1084
Conversation
ramnes
force-pushed
the
ramnes/0x00
branch
4 times, most recently
from
617c990 to
d089c65
Compare
|
|
||
| func (c *Conn) compareNativePasswordAuthData(clientAuthData []byte, credential Credential) error { | ||
| if len(clientAuthData) == 0 { | ||
| if isEmptyPassword(clientAuthData) { |
There was a problem hiding this comment.
I see your MySQL reference is only for caching_sha2_password_authenticate. Will it also apply for compareNativePasswordAuthData and compareSha256PasswordAuthData?
There was a problem hiding this comment.
SHA256 authentication does have the exact same check here: https://github.com/mysql/mysql-server/blob/056a391cdc1af9b17b5415aee243483d1bac532d/sql/auth/sql_authentication.cc#L4763
For mysql_native_password, I'm less sure but my understanding is that both cases were supported as well by setting a default \0, and then trimming with get_length_encoded_string: https://github.com/mysql/mysql-server/blob/8.0/sql/auth/sql_authentication.cc#L3003-L3012
There was a problem hiding this comment.
Please also add the second link to function comment of isEmptyPassword. Rest lgtm
Some MySQL clients (e.g. libmysql) send a single null byte to indicate an empty password, while others (e.g. mariadb) send an empty packet. This matches MySQL server's own handling: ```c if (!pkt_len || (pkt_len == 1 && *pkt == 0)) ``` (Source: https://github.com/mysql/mysql-server/blob/8.0/sql/auth/sha2_password.cc)
2 participants
Some MySQL clients (e.g. libmysql) send a single null byte to indicate an empty password, while others (e.g. mariadb) send an empty packet. This matches MySQL server's own handling:
(Source: https://github.com/mysql/mysql-server/blob/8.0/sql/auth/sha2_password.cc)