
Guard against short server scramble in sha256_password auth#22356

Open
iliaal wants to merge 1 commit into php:PHP-8.4 from iliaal:fix-mysqlnd-sha256-scramble

Conversation


@iliaal iliaal commented Jun 17, 2026

Contributor

mysqlnd_sha256_auth_get_auth_data() XORs SCRAMBLE_LENGTH (20) bytes of the server-supplied scramble into the password without checking the scramble is at least that long, unlike the native and caching_sha2 plugins which reject a short scramble with CR_MALFORMED_PACKET. A server reporting a scramble shorter than 20 bytes shrinks the heap buffer the scramble is copied into, so the XOR reads past it. Add the same length guard the sibling plugins use.
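The guard described above, modelled in plain C as an added example rather than mysqlnd's own code: the scramble is copied into a heap buffer of the length the server reported, and the XOR step refuses to run when that length is below SCRAMBLE_LENGTH. The function names, the status enum and the sample scrambles are constructed for this illustration; only SCRAMBLE_LENGTH (20) comes from the PR text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SCRAMBLE_LENGTH 20  /* value stated in the PR description */

/* Hypothetical status codes; the real plugin reports CR_MALFORMED_PACKET. */
enum auth_status { AUTH_OK = 0, AUTH_MALFORMED_PACKET = 1, AUTH_NO_MEMORY = 2 };

/* Constructed samples: one full-length scramble and one that is too short. */
static const uint8_t SAMPLE_SCRAMBLE_20[SCRAMBLE_LENGTH] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
    0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14 };
static const uint8_t SAMPLE_SCRAMBLE_8[8] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };

/* XOR the password with the scramble, cycling through SCRAMBLE_LENGTH bytes.
   The length check is the guard this PR adds: without it, a scramble_len
   below SCRAMBLE_LENGTH would make scramble[i % SCRAMBLE_LENGTH] read past
   the buffer. */
static enum auth_status xor_password_with_scramble(const uint8_t *password,
        size_t password_len, const uint8_t *scramble, size_t scramble_len,
        uint8_t *out)
{
    if (scramble_len < SCRAMBLE_LENGTH) {
        return AUTH_MALFORMED_PACKET;
    }
    for (size_t i = 0; i < password_len; i++) {
        out[i] = password[i] ^ scramble[i % SCRAMBLE_LENGTH];
    }
    return AUTH_OK;
}

/* Mimics the client side: copy the scramble into a heap buffer sized by the
   server-reported length, then run the XOR step on that copy. */
enum auth_status run_auth_step(const uint8_t *wire_scramble, size_t reported_len,
                               const char *password, uint8_t *out, size_t out_cap)
{
    size_t password_len = strlen(password);
    if (password_len > out_cap) {
        return AUTH_MALFORMED_PACKET;
    }
    uint8_t *copy = malloc(reported_len);  /* buffer shrinks with reported_len */
    if (copy == NULL) {
        return AUTH_NO_MEMORY;
    }
    memcpy(copy, wire_scramble, reported_len);
    enum auth_status rc = xor_password_with_scramble(
        (const uint8_t *)password, password_len, copy, reported_len, out);
    free(copy);
    return rc;
}
```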

@morrisonlevi morrisonlevi left a comment

Contributor


The code looks okay but... how would we test it to be sure?

mysqlnd_sha256_auth_get_auth_data() XORs SCRAMBLE_LENGTH bytes of the
server-supplied scramble into the password without checking the scramble
is at least that long, unlike the native and caching_sha2 plugins which
reject a short scramble with CR_MALFORMED_PACKET. A server reporting a
scramble shorter than 20 bytes shrinks the heap buffer the scramble is
copied into, so the XOR reads past it. Add the same length guard the
sibling plugins use.
@iliaal iliaal force-pushed the fix-mysqlnd-sha256-scramble branch from 4d5c8c9 to c910401 on June 18, 2026 17:02

iliaal commented Jun 18, 2026

Contributor Author

Added a regression test (a fake_server.inc scenario + .phpt): the fake server sends an AuthSwitchRequest to sha256_password with an 8-byte scramble, and the client now fails with CR_MALFORMED_PACKET instead of running the 20-byte XOR over the short heap copy. The over-read itself reproduces under ASAN (mysqlnd_xor_string reading past the mnd_emalloc'd scramble buffer).

@iliaal iliaal requested a review from morrisonlevi June 18, 2026 17:03
