Security bug http://bugs.mysql.com/bug.php?id=64884 Already fixed in MariaDB 5.1.62+/5.5.23+ Depends on the result of check_scramble being cast to char directly. diff -Nuar mysql.orig/libmysql/password.c mysql/libmysql/password.c --- mysql.orig/libmysql/password.c 2012-04-21 10:58:15.485424022 -0700 +++ mysql/libmysql/password.c 2012-04-21 10:57:34.077773190 -0700 @@ -531,7 +531,7 @@ mysql_sha1_reset(&sha1_context); mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE); mysql_sha1_result(&sha1_context, hash_stage2_reassured); - return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); + return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE)); } diff -Nuar mysql.orig/sql/password.c mysql/sql/password.c --- mysql.orig/sql/password.c 2012-04-21 10:58:18.941478337 -0700 +++ mysql/sql/password.c 2012-04-21 10:57:50.318028470 -0700 @@ -531,7 +531,7 @@ mysql_sha1_reset(&sha1_context); mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE); mysql_sha1_result(&sha1_context, hash_stage2_reassured); - return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); + return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE)); }