Commit 7dcf0a66 authored by Georgi Kodinov's avatar Georgi Kodinov

Bug #13934049: 64884: LOGINS WITH INCORRECT PASSWORD ARE ALLOWED

Fixed an improper type conversion on return that can make the server accept
logins with a wrong password.
parent b5c690aa
...@@ -531,7 +531,7 @@ check_scramble(const char *scramble_arg, const char *message, ...@@ -531,7 +531,7 @@ check_scramble(const char *scramble_arg, const char *message,
mysql_sha1_reset(&sha1_context); mysql_sha1_reset(&sha1_context);
mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE); mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
mysql_sha1_result(&sha1_context, hash_stage2_reassured); mysql_sha1_result(&sha1_context, hash_stage2_reassured);
return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment