
maria-developers team mailing list archive

Re: f9f290b: MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when using cracklib plugin

 

Hello Serg,

On Fri, Apr 29, 2016 at 8:20 AM, Sergei Golubchik <serg@xxxxxxxxxxx> wrote:

> Hi, Nirbhay!
>
> On Mar 31, Nirbhay Choubey wrote:
> > revision-id: f9f290b6828eeb57cba611d006d2a9301dc52244
> (mariadb-10.1.13-3-gf9f290b)
> > parent(s): f4d5fe277599da4549c97c660f324c88cf9a2542
> > author: Nirbhay Choubey
> > committer: Nirbhay Choubey
> > timestamp: 2016-03-31 18:03:44 -0400
> > message:
> >
> > MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when using
> cracklib plugin
> >
> > Add a check for NULL password.
> >
> > diff --git a/plugin/cracklib_password_check/cracklib_password_check.c
> b/plugin/cracklib_password_check/cracklib_password_check.c
> > index c593173..c192cdf 100644
> > --- a/plugin/cracklib_password_check/cracklib_password_check.c
> > +++ b/plugin/cracklib_password_check/cracklib_password_check.c
> > @@ -33,7 +33,8 @@ static int crackme(MYSQL_LEX_STRING *username,
> MYSQL_LEX_STRING *password)
> >    if ((host= strchr(user, '@')))
> >      *host++= 0;
> >
> > -  if ((res= FascistCheckUser(password->str, dictionary, user, host)))
> > +  if ((password->str == NULL) ||                // No password
> > +      (res= FascistCheckUser(password->str, dictionary, user, host)))
> >    {
> >      my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s",
> >                      MYF(ME_JUST_WARNING), res);
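
Review bot: on the new `password->str == NULL` branch, `res` is never assigned by FascistCheckUser(), yet it is still passed to the "cracklib: %s" format in the my_printf_error() call inside the block, so the warning text for a missing password depends on whatever `res` holds at that point (its declaration is outside this hunk). Give that case an explicit message, for example by assigning a fixed string to `res` before the error call or by handling the NULL password in its own branch. The `// No password` comment would also be more conventional as `/* ... */` in a .c file.
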
>
> You forgot to fix the simple_password_check plugin.


simple_password_check plugin was immune indirectly because of the following
check:

if (strncmp(password->str, username->str, password->length) == 0)
    return 1;

> And if all plugins
> need to do the same check - it's a strong indication that this should've
> been done in the server.
>

I agree.


> So, please, fix this in sql_acl.cc instead. Like this:
>
> -    struct validation_data data= { &user->user, &user->pwtext };
> +    struct validation_data data= { &user->user, user->pwtext.str ?
> &user->pwtext : &empy_lex_str };
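
Review bot: `empy_lex_str` in the `+` line looks like a misspelling (presumably `empty_lex_str`), so the line as quoted will not compile unless a symbol with exactly that name exists. A one-line comment at this spot would also help, saying that a NULL `pwtext.str` is mapped to an empty string so that validation plugins never receive a NULL pointer; the ternary alone does not make that intent obvious.
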
>
> Ok to push with this fix and your test case.
>

Done.

Best,
Nirbhay


> Regards,
> Sergei
> Chief Architect MariaDB
> and security@xxxxxxxxxxx
>
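
The server-side normalization agreed on in this thread, as an added C example that is not MariaDB code and not part of the original message: the caller maps a NULL password to an empty string once, so plugin checks written without a NULL guard stay safe. `lex_str`, `validate_password`, `check_case` and the two check functions are hypothetical names; only the strncmp() comparison follows the line quoted above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for MYSQL_LEX_STRING: pointer plus length. */
typedef struct { const char *str; size_t length; } lex_str;
typedef int (*check_fn)(const lex_str *user, const lex_str *pw);

static const lex_str EMPTY_PW = { "", 0 };

/* Hypothetical plugin 1: same shape as the strncmp() check quoted above.
   With length 0 the comparison is trivially equal, so "" is rejected. */
static int check_not_username(const lex_str *user, const lex_str *pw)
{
  return strncmp(pw->str, user->str, pw->length) == 0;
}

/* Hypothetical plugin 2: reads pw->str with no NULL guard of its own. */
static int check_min_length(const lex_str *user, const lex_str *pw)
{
  (void) user;
  return strlen(pw->str) < 8;
}

static const check_fn plugins[] = { check_not_username, check_min_length };
/* Server side: normalize once, then call every plugin.
   Returns 0 if accepted, else the 1-based index of the rejecting plugin. */
int validate_password(const lex_str *user, const lex_str *pwtext)
{
  const lex_str *pw = pwtext->str ? pwtext : &EMPTY_PW;
  for (size_t i = 0; i < sizeof plugins / sizeof plugins[0]; i++)
    if (plugins[i](user, pw))
      return (int) i + 1;
  return 0;
}

/* Constructed inputs; pw == NULL models CREATE USER without IDENTIFIED BY. */
int check_case(const char *user, const char *pw)
{
  lex_str u = { user, strlen(user) };
  lex_str p = { pw, pw ? strlen(pw) : 0 };
  return validate_password(&u, &p);
}

int main(void)
{
  printf("%d %d %d\n", check_case("alice", NULL), check_case("alice", "xy"), check_case("alice", "c0rrect-horse-battery"));
  return 0;
}
```
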
