07342_all_mysql_auth_bypass-5.5.22.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Security bug http://bugs.mysql.com/bug.php?id=64884
Already fixed in MariaDB 5.1.62+/5.5.23+

Depends on the result of check_scramble being cast to char directly.

diff -Nuar mysql.orig/sql/password.c mysql/sql/password.c
--- mysql.orig/sql/password.c	2012-03-02 11:44:47.000000000 -0800
+++ mysql/sql/password.c	2012-04-21 10:59:39.502744613 -0700
@@ -531,7 +531,7 @@
   mysql_sha1_reset(&sha1_context);
   mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
   mysql_sha1_result(&sha1_context, hash_stage2_reassured);
-  return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
+  return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
 }