From e544edd72643a804fe9fe75e723f1eadc3a6bae9 Mon Sep 17 00:00:00 2001 From: BohuTANG Date: Thu, 9 Apr 2020 09:43:02 +0800 Subject: [PATCH 1/4] Fix random scramble using seperator character issue during MySQL handshakes --- src/Core/MySQLProtocol.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/Core/MySQLProtocol.h b/src/Core/MySQLProtocol.h index 1fae57517c1..5adcf836c18 100644 --- a/src/Core/MySQLProtocol.h +++ b/src/Core/MySQLProtocol.h @@ -914,8 +914,16 @@ public: scramble.resize(SCRAMBLE_LENGTH + 1, 0); Poco::RandomInputStream generator; - for (size_t i = 0; i < SCRAMBLE_LENGTH; i++) + /** Generate a random string using ASCII characters but avoid seperator character, + * produce pseudo random numbers between with about 7 bit worth of entropty between 1-127. + * https://github.com/mysql/mysql-server/blob/8.0/mysys/crypt_genhash_impl.cc#L427 + */ + for (size_t i = 0; i < SCRAMBLE_LENGTH; i++){ generator >> scramble[i]; + scramble[i] &= 0x7f; + if (scramble[i] == '\0' || scramble[i] == '$') + scramble[i] = scramble[i] + 1; + } } String getName() override @@ -993,8 +1001,12 @@ public: scramble.resize(SCRAMBLE_LENGTH + 1, 0); Poco::RandomInputStream generator; - for (size_t i = 0; i < SCRAMBLE_LENGTH; i++) + for (size_t i = 0; i < SCRAMBLE_LENGTH; i++) { generator >> scramble[i]; + scramble[i] &= 0x7f; + if (scramble[i] == '\0' || scramble[i] == '$') + scramble[i] = scramble[i] + 1; + } } String getName() override From 17256e0f1e02111da6df9902d7c20be231cda8d9 Mon Sep 17 00:00:00 2001 From: BohuTANG Date: Thu, 9 Apr 2020 10:53:40 +0800 Subject: [PATCH 2/4] add java client integation tests --- tests/integration/test_mysql_protocol/test.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/integration/test_mysql_protocol/test.py b/tests/integration/test_mysql_protocol/test.py index b5ee3cecec9..f75a168d5db 100644 --- a/tests/integration/test_mysql_protocol/test.py +++ b/tests/integration/test_mysql_protocol/test.py @@ -278,15 +278,29 @@ def test_java_client(server_address, java_container): with open(os.path.join(SCRIPT_DIR, 'clients', 'java', '0.reference')) as fp: reference = fp.read() + # database not exists exception. code, (stdout, stderr) = java_container.exec_run('java JavaConnectorTest --host {host} --port {port} --user user_with_empty_password --database ' 'abc'.format(host=server_address, port=server_port), demux=True) assert code == 1 + # empty password passed. code, (stdout, stderr) = java_container.exec_run('java JavaConnectorTest --host {host} --port {port} --user user_with_empty_password --database ' 'default'.format(host=server_address, port=server_port), demux=True) assert code == 0 assert stdout == reference + # non-empty password passed. + code, (stdout, stderr) = java_container.exec_run('java JavaConnectorTest --host {host} --port {port} --user default --password 123 --database ' + 'default'.format(host=server_address, port=server_port), demux=True) + assert code == 0 + assert stdout == reference + + # double-sha1 password passed. + code, (stdout, stderr) = java_container.exec_run('java JavaConnectorTest --host {host} --port {port} --user user_with_double_sha1 --password abacaba --database ' + 'default'.format(host=server_address, port=server_port), demux=True) + assert code == 0 + assert stdout == reference + def test_types(server_address): client = pymysql.connections.Connection(host=server_address, user='default', password='123', database='default', port=server_port) From ccf5cb2a668499ad0fd9c275a4e63aeb02cd6d1c Mon Sep 17 00:00:00 2001 From: alexey-milovidov Date: Thu, 9 Apr 2020 06:24:09 +0300 Subject: [PATCH 3/4] Update MySQLProtocol.h --- src/Core/MySQLProtocol.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Core/MySQLProtocol.h b/src/Core/MySQLProtocol.h index 5adcf836c18..e73e1fddd3a 100644 --- a/src/Core/MySQLProtocol.h +++ b/src/Core/MySQLProtocol.h @@ -914,7 +914,7 @@ public: scramble.resize(SCRAMBLE_LENGTH + 1, 0); Poco::RandomInputStream generator; - /** Generate a random string using ASCII characters but avoid seperator character, + /** Generate a random string using ASCII characters but avoid separator character, * produce pseudo random numbers between with about 7 bit worth of entropty between 1-127. * https://github.com/mysql/mysql-server/blob/8.0/mysys/crypt_genhash_impl.cc#L427 */ From cb6c860d898c7e7b1c99b8f98921d51ff5146dd9 Mon Sep 17 00:00:00 2001 From: alexey-milovidov Date: Thu, 9 Apr 2020 06:25:20 +0300 Subject: [PATCH 4/4] Update MySQLProtocol.h --- src/Core/MySQLProtocol.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/Core/MySQLProtocol.h b/src/Core/MySQLProtocol.h index e73e1fddd3a..5255c6f263e 100644 --- a/src/Core/MySQLProtocol.h +++ b/src/Core/MySQLProtocol.h @@ -918,7 +918,8 @@ public: * produce pseudo random numbers between with about 7 bit worth of entropty between 1-127. * https://github.com/mysql/mysql-server/blob/8.0/mysys/crypt_genhash_impl.cc#L427 */ - for (size_t i = 0; i < SCRAMBLE_LENGTH; i++){ + for (size_t i = 0; i < SCRAMBLE_LENGTH; ++i) + { generator >> scramble[i]; scramble[i] &= 0x7f; if (scramble[i] == '\0' || scramble[i] == '$') @@ -1001,7 +1002,8 @@ public: scramble.resize(SCRAMBLE_LENGTH + 1, 0); Poco::RandomInputStream generator; - for (size_t i = 0; i < SCRAMBLE_LENGTH; i++) { + for (size_t i = 0; i < SCRAMBLE_LENGTH; ++i) + { generator >> scramble[i]; scramble[i] &= 0x7f; if (scramble[i] == '\0' || scramble[i] == '$')