From: Joey Schulze Date: Wed, 14 May 2008 20:19:08 +0000 (+0000) Subject: Adjust the buffer size used by make_scrambled_password() X-Git-Tag: debian/4.3.9-8~9 X-Git-Url: https://git.infodrom.org/?p=debian%2Fmod-auth-mysql;a=commitdiff_plain;h=9413902204b20422937418fb253a7781d8fe5358 Adjust the buffer size used by make_scrambled_password() --- diff --git a/debian/changelog b/debian/changelog index 0432dc5..0671155 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,8 @@ mod-auth-mysql (4.3.9-8) unstable; urgency=low * Stop altering the AUTH_MYSQL_VERSION with an old Debian revision [002-mysql_define] * Unify AuthMySQL_ and Auth_MySQL_ namespace [007-unify_namespace.dpatch] + * Adjust the buffer size used by make_scrambled_password() + [008-make_scrambled_password.dpatch] (closes: Bug#356064) -- diff --git a/debian/patches/008-make_scrambled_password.dpatch b/debian/patches/008-make_scrambled_password.dpatch new file mode 100644 index 0000000..75c7664 --- /dev/null +++ b/debian/patches/008-make_scrambled_password.dpatch @@ -0,0 +1,29 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 008-make_scrambled_password.dpatch by Joey Schulze +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Adjust the buffer size used by make_scrambled_password() + +@DPATCH@ +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2008-05-14 18:46:21.000000000 +0200 ++++ mod-auth-mysql/mod_auth_mysql.c 2008-05-14 22:15:44.000000000 +0200 +@@ -103,6 +103,9 @@ + #endif + #define SHA1SUM_ENCRYPTION_FLAG 1<<6 + ++/* from include/sha1.h from the mysql-server source distribution */ ++#define SHA1_HASH_SIZE 20 /* Hash size in bytes */ ++ + static int check_no_encryption(const char *passwd, char *enc_passwd) + { + return (!strcmp(passwd, enc_passwd)); +@@ -229,7 +232,7 @@ + + static int check_mysql_encryption(const char *passwd, char *enc_passwd) + { +- char scrambled_passwd[32]; ++ char scrambled_passwd[2*SHA1_HASH_SIZE + 2]; + + make_scrambled_password(scrambled_passwd, passwd); + return (!strcmp(scrambled_passwd, enc_passwd)); diff --git a/debian/patches/00list b/debian/patches/00list index 920815d..fdd431d 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -4,3 +4,4 @@ 005-directives 006-options 007-unify_namespace +008-make_scrambled_password