maria-developers team mailing list archive

[Sergei Golubchik <serg@xxxxxxxxxxx>]

Hi, Nirbhay!

On Mar 31, Nirbhay Choubey wrote:
> revision-id: f9f290b6828eeb57cba611d006d2a9301dc52244 (mariadb-10.1.13-3-gf9f290b)
> parent(s): f4d5fe277599da4549c97c660f324c88cf9a2542
> author: Nirbhay Choubey
> committer: Nirbhay Choubey
> timestamp: 2016-03-31 18:03:44 -0400
> message:
> 
> MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when using cracklib plugin
> 
> Add a check for NULL password.
> 
> diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c
> index c593173..c192cdf 100644
> --- a/plugin/cracklib_password_check/cracklib_password_check.c
> +++ b/plugin/cracklib_password_check/cracklib_password_check.c
> @@ -33,7 +33,8 @@ static int crackme(MYSQL_LEX_STRING *username, MYSQL_LEX_STRING *password)
>    if ((host= strchr(user, '@')))
>      *host++= 0;
>  
> -  if ((res= FascistCheckUser(password->str, dictionary, user, host)))
> +  if ((password->str == NULL) ||                // No password
> +      (res= FascistCheckUser(password->str, dictionary, user, host)))
>    {
>      my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s",
>                      MYF(ME_JUST_WARNING), res);

You forgot to fix the simple_password_check plugin. And if all plugins
need to do the same check - it's a strong indication that this should've
been done in the server.

So, please, fix this in sql_acl.cc instead. Like this:

-    struct validation_data data= { &user->user, &user->pwtext };
+    struct validation_data data= { &user->user, user->pwtext.str ? &user->pwtext : &empy_lex_str };

Ok to push with this fix and your test case.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx