From 87fe0afb5da32ae9de7a2e1170ffbc2071d092c7 Mon Sep 17 00:00:00 2001 From: John Lindal Date: Fri, 4 Apr 2025 15:34:13 -0700 Subject: [PATCH 1/4] MySQL: add the option to force sending the password as plain text * This re-uses the pam authentication method * pdo_mysql: added option MYSQL_ATTR_SEND_CLEAR_PASSWORD * mysqlnd: implemented CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA option in order to send auth data longer than 255 bytes --- ext/mysqlnd/mysqlnd_auth.c | 2 +- ext/mysqlnd/mysqlnd_enum_n_def.h | 11 +++++- ext/mysqlnd/mysqlnd_wireprotocol.c | 38 ++++++++++++------- ext/pdo_mysql/mysql_driver.c | 10 +++++ ext/pdo_mysql/pdo_mysql.c | 3 ++ ext/pdo_mysql/pdo_mysql.stub.php | 4 ++ ext/pdo_mysql/pdo_mysql_arginfo.h | 10 ++++- ext/pdo_mysql/php_pdo_mysql_int.h | 3 ++ .../tests/pdo_mysql_class_constants.phpt | 1 + 9 files changed, 65 insertions(+), 17 deletions(-) diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c index 3a30b1458dea0..fd8c7cb258419 100644 --- a/ext/mysqlnd/mysqlnd_auth.c +++ b/ext/mysqlnd/mysqlnd_auth.c @@ -68,7 +68,7 @@ mysqlnd_run_authentication( memcpy(plugin_data, auth_plugin_data.s, plugin_data_len); plugin_data[plugin_data_len] = '\0'; - requested_protocol = mnd_pestrdup(auth_protocol? auth_protocol : MYSQLND_DEFAULT_AUTH_PROTOCOL, FALSE); + requested_protocol = mnd_pestrdup(mysql_flags & CLIENT_SEND_CLEAR_PASSWORD ? MYSQLND_CLEAR_PASSWORD_AUTH_PROTOCOL : (auth_protocol? auth_protocol : MYSQLND_DEFAULT_AUTH_PROTOCOL), FALSE); if (!requested_protocol) { goto end; } diff --git a/ext/mysqlnd/mysqlnd_enum_n_def.h b/ext/mysqlnd/mysqlnd_enum_n_def.h index 851174032c404..08714b003e4f2 100644 --- a/ext/mysqlnd/mysqlnd_enum_n_def.h +++ b/ext/mysqlnd/mysqlnd_enum_n_def.h 
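Review bot: The new `requested_protocol` selection in `mysqlnd_run_authentication()` switches to `mysql_clear_password` whenever `CLIENT_SEND_CLEAR_PASSWORD` is set, with no check that the transport is protected, so on a non-TLS TCP connection the password would cross the network unprotected. The same gap is in the `pdo_mysql_handle_factory()` hunk, which ORs the flag into `connect_opts` without looking at the SSL options. Consider honouring the flag only on a protected transport, for example `const bool force_clear = (mysql_flags & CLIENT_SEND_CLEAR_PASSWORD) && (mysql_flags & CLIENT_SSL);`, if `CLIENT_SSL` in `mysql_flags` reliably reflects negotiated TLS (not visible here) and with an allowance for local sockets. Otherwise fail the connection with an explicit error rather than downgrading silently. Parenthesising the `&` test in the ternary would also make the precedence obvious; the function body continues outside the hunk.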
@@ -34,13 +34,15 @@ #define MYSQLND_ASSEMBLED_PACKET_MAX_SIZE 3UL*1024UL*1024UL*1024UL -#define MYSQLND_DEFAULT_AUTH_PROTOCOL "mysql_native_password" +#define MYSQLND_DEFAULT_AUTH_PROTOCOL "mysql_native_password" +#define MYSQLND_CLEAR_PASSWORD_AUTH_PROTOCOL "mysql_clear_password" #define MYSQLND_ERRMSG_SIZE 512 #define MYSQLND_SQLSTATE_LENGTH 5 #define MYSQLND_SQLSTATE_NULL "00000" #define MYSQLND_MAX_ALLOWED_USER_LEN 252 /* 63 char * 4byte . MySQL supports now only 32 char, but let it be forward compatible */ +#define MYSQLND_MAX_ALLOWED_AUTH_LEN 4096 /* This would be a very large token! */ #define MYSQLND_MAX_ALLOWED_DB_LEN 1024 /* 256 char * 4byte. MySQL supports now only 64 char in the tables, but on the FS could be different. Forward compatible. */ #define MYSQLND_NET_CMD_BUFFER_MIN_SIZE 4096 @@ -101,6 +103,10 @@ #define CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA (1UL << 21) /* Enable authentication response packet to be larger than 255 bytes. */ #define CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS (1UL << 22) /* Don't close the connection for a connection with expired password. */ #define CLIENT_SESSION_TRACK (1UL << 23) /* Extended OK */ +/* + This is a mysqlnd extension. CLIENT_IGNORE_SIGPIPE is not used anyway. We will reuse it for our case and translate it to forcing the mysql_clear_password protocol +*/ +#define CLIENT_SEND_CLEAR_PASSWORD CLIENT_IGNORE_SIGPIPE /* Force plaintext password */ /* This is a mysqlnd extension. CLIENT_ODBC is not used anyway. We will reuse it for our case and translate it to not using SSL peer verification */ @@ -110,7 +116,8 @@ #define MYSQLND_CAPABILITIES (CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | CLIENT_TRANSACTIONS | \ CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION | \ - CLIENT_MULTI_RESULTS | CLIENT_LOCAL_FILES | CLIENT_PLUGIN_AUTH) + CLIENT_MULTI_RESULTS | CLIENT_LOCAL_FILES | CLIENT_PLUGIN_AUTH | \ + CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA) #define MYSQLND_PROTOCOL_FLAG_USE_COMPRESSION 1 
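Review bot: Aliasing `CLIENT_SEND_CLEAR_PASSWORD` to the `CLIENT_IGNORE_SIGPIPE` bit (second hunk of this header) gives an existing protocol bit a credential-handling meaning. Any caller that already passes that bit in its connect flags would now force clear-text authentication without asking for it. The hunk also does not show whether the bit is stripped before the capability flags are written into the handshake packet. The comment should state both facts explicitly, along the lines of `/* mysqlnd-internal: forces mysql_clear_password; must be masked out before client_flags are sent to the server */`, and the masking should be added if it is not already done where `CLIENT_SSL_VERIFY_SERVER_CERT` is handled.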
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c index 36fd532337375..fa6579b4e957e 100644 --- a/ext/mysqlnd/mysqlnd_wireprotocol.c +++ b/ext/mysqlnd/mysqlnd_wireprotocol.c @@ -520,7 +520,7 @@ void php_mysqlnd_greet_free_mem(void * _packet) /* }}} */ -#define AUTH_WRITE_BUFFER_LEN (MYSQLND_HEADER_SIZE + MYSQLND_MAX_ALLOWED_USER_LEN + SCRAMBLE_LENGTH + MYSQLND_MAX_ALLOWED_DB_LEN + 1 + 4096) +#define AUTH_WRITE_BUFFER_LEN (MYSQLND_HEADER_SIZE + MYSQLND_MAX_ALLOWED_USER_LEN + MYSQLND_MAX_ALLOWED_AUTH_LEN + MYSQLND_MAX_ALLOWED_DB_LEN + 1 + 4096) /* {{{ php_mysqlnd_auth_write */ static 
@@ -561,21 +561,33 @@ size_t php_mysqlnd_auth_write(MYSQLND_CONN_DATA * conn, void * _packet) if (packet->auth_data == NULL) { packet->auth_data_len = 0; } - if (packet->auth_data_len > 0xFF) { - const char * const msg = "Authentication data too long. " - "Won't fit into the buffer and will be truncated. Authentication will thus fail"; - SET_CLIENT_ERROR(error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg); - php_error_docref(NULL, E_WARNING, "%s", msg); - DBG_RETURN(0); - } - int1store(p, (int8_t)packet->auth_data_len); - ++p; + if (packet->client_flags & CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA) { + if (packet->auth_data_len > MYSQLND_MAX_ALLOWED_AUTH_LEN) { + const char * const msg = "Authentication data too long. " + "Won't fit into the buffer and will be truncated. Authentication will thus fail"; + SET_CLIENT_ERROR(error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg); + php_error_docref(NULL, E_WARNING, "%s", msg); + DBG_RETURN(0); + } /*!!!!! is the buffer big enough ??? */ - if (sizeof(buffer) < (packet->auth_data_len + (p - buffer))) { - DBG_ERR("the stack buffer was not enough!!"); - DBG_RETURN(0); + if (sizeof(buffer) < (packet->auth_data_len + (p - buffer))) { + DBG_ERR("the stack buffer was not enough!!"); + DBG_RETURN(0); + } + p = php_mysqlnd_net_store_length(p, packet->auth_data_len); + } else { + if (packet->auth_data_len > 0xFF) { + const char * const msg = "Authentication data too long. " + "Won't fit into the buffer and will be truncated. Authentication will thus fail"; + SET_CLIENT_ERROR(error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg); + php_error_docref(NULL, E_WARNING, "%s", msg); + DBG_RETURN(0); + } + int1store(p, (int8_t)packet->auth_data_len); + ++p; } + if (packet->auth_data_len) { p = zend_mempcpy(p, packet->auth_data, packet->auth_data_len); } diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c index f0a2a887a5c75..4ba147881eccf 100644 --- a/ext/pdo_mysql/mysql_driver.c +++ b/ext/pdo_mysql/mysql_driver.c 
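Review bot: The remaining-space check on `buffer` now exists only in the length-encoded branch, where it runs before `php_mysqlnd_net_store_length()` writes the prefix and so does not count the prefix bytes; the legacy branch has lost the check entirely. With the constants in this patch the sizes probably still fit, but this is the only guard ahead of the `zend_mempcpy()` into the stack buffer, so it should cover both branches and include the prefix. The duplicated message also says the data "will be truncated" although the function returns 0 without sending. Whether `packet->client_flags` has been intersected with the server's advertised capabilities before the `CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA` test is not visible here and is worth confirming, since the patch now always advertises that capability. `php_mysqlnd_auth_write()` starts and ends outside the hunk.

```c
	/* … unchanged: packet->auth_data == NULL resets auth_data_len … */
	const bool lenenc = (packet->client_flags & CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA) != 0;
	const size_t max_auth_len = lenenc ? MYSQLND_MAX_ALLOWED_AUTH_LEN : 0xFF;
	/* length prefix: 1 byte in the legacy form, at most 9 bytes length-encoded */
	const size_t prefix_len = lenenc ? 9 : 1;

	if (packet->auth_data_len > max_auth_len) {
		/* … unchanged: SET_CLIENT_ERROR + php_error_docref with msg, DBG_RETURN(0) … */
	}
	if (sizeof(buffer) - (size_t)(p - buffer) < prefix_len + packet->auth_data_len) {
		DBG_ERR("the stack buffer was not enough!!");
		DBG_RETURN(0);
	}
	if (lenenc) {
		p = php_mysqlnd_net_store_length(p, packet->auth_data_len);
	} else {
		int1store(p, (int8_t)packet->auth_data_len);
		++p;
	}
	/* … unchanged: zend_mempcpy of auth_data … */
```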
@@ -905,6 +905,16 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options) } } #endif + +#ifdef PDO_USE_MYSQLND + { + zend_long send_clear_password = pdo_attr_lval(driver_options, + PDO_MYSQL_ATTR_SEND_CLEAR_PASSWORD, -1); + if (send_clear_password == 1) { + connect_opts |= CLIENT_SEND_CLEAR_PASSWORD; + } + } +#endif } /* Always explicitly set the LOCAL_INFILE option. */ diff --git a/ext/pdo_mysql/pdo_mysql.c b/ext/pdo_mysql/pdo_mysql.c index 772022cdbe937..a57a3e7c34cd4 100644 --- a/ext/pdo_mysql/pdo_mysql.c +++ b/ext/pdo_mysql/pdo_mysql.c @@ -144,6 +144,9 @@ static PHP_MINIT_FUNCTION(pdo_mysql) #if MYSQL_VERSION_ID >= 80021 || defined(PDO_USE_MYSQLND) REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_LOCAL_INFILE_DIRECTORY", (zend_long)PDO_MYSQL_ATTR_LOCAL_INFILE_DIRECTORY); #endif +#ifdef PDO_USE_MYSQLND + REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_SEND_CLEAR_PASSWORD", (zend_long)PDO_MYSQL_ATTR_SEND_CLEAR_PASSWORD); +#endif #ifdef PDO_USE_MYSQLND mysqlnd_reverse_api_register_api(&pdo_mysql_reverse_api); diff --git a/ext/pdo_mysql/pdo_mysql.stub.php b/ext/pdo_mysql/pdo_mysql.stub.php index cf253194432c3..3398317bdbfbc 100644 --- a/ext/pdo_mysql/pdo_mysql.stub.php +++ b/ext/pdo_mysql/pdo_mysql.stub.php @@ -72,6 +72,10 @@ class Mysql extends \PDO /** @cvalue PDO_MYSQL_ATTR_LOCAL_INFILE_DIRECTORY */ public const int ATTR_LOCAL_INFILE_DIRECTORY = UNKNOWN; #endif +#ifdef PDO_USE_MYSQLND + /** @cvalue PDO_MYSQL_ATTR_SEND_CLEAR_PASSWORD */ + public const int ATTR_SEND_CLEAR_PASSWORD = UNKNOWN; +#endif public function getWarningCount(): int {} } diff --git a/ext/pdo_mysql/pdo_mysql_arginfo.h b/ext/pdo_mysql/pdo_mysql_arginfo.h index a6a1b5e1b5c78..444d0dfbe7e7c 100644 --- a/ext/pdo_mysql/pdo_mysql_arginfo.h +++ b/ext/pdo_mysql/pdo_mysql_arginfo.h 
@@ -1,5 +1,5 @@ /* This is a generated file, edit the .stub.php file instead. - * Stub hash: 9d2c0327499693f1ca2825a9ad42ad769f44a24a */ + * Stub hash: 5cd7d3159172321ee2cead3bf42124274707d1a9 */ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_class_Pdo_Mysql_getWarningCount, 0, 0, IS_LONG, 0) ZEND_END_ARG_INFO() @@ -143,6 +143,14 @@ static zend_class_entry *register_class_Pdo_Mysql(zend_class_entry *class_entry_ zend_declare_typed_class_constant(class_entry, const_ATTR_LOCAL_INFILE_DIRECTORY_name, &const_ATTR_LOCAL_INFILE_DIRECTORY_value, ZEND_ACC_PUBLIC, NULL, (zend_type) ZEND_TYPE_INIT_MASK(MAY_BE_LONG)); zend_string_release(const_ATTR_LOCAL_INFILE_DIRECTORY_name); #endif +#if defined(PDO_USE_MYSQLND) + + zval const_ATTR_SEND_CLEAR_PASSWORD_value; + ZVAL_LONG(&const_ATTR_SEND_CLEAR_PASSWORD_value, PDO_MYSQL_ATTR_SEND_CLEAR_PASSWORD); + zend_string *const_ATTR_SEND_CLEAR_PASSWORD_name = zend_string_init_interned("ATTR_SEND_CLEAR_PASSWORD", sizeof("ATTR_SEND_CLEAR_PASSWORD") - 1, 1); + zend_declare_typed_class_constant(class_entry, const_ATTR_SEND_CLEAR_PASSWORD_name, &const_ATTR_SEND_CLEAR_PASSWORD_value, ZEND_ACC_PUBLIC, NULL, (zend_type) ZEND_TYPE_INIT_MASK(MAY_BE_LONG)); + zend_string_release(const_ATTR_SEND_CLEAR_PASSWORD_name); +#endif return class_entry; } diff --git a/ext/pdo_mysql/php_pdo_mysql_int.h b/ext/pdo_mysql/php_pdo_mysql_int.h index ae77193afcfa9..856cee3028228 100644 --- a/ext/pdo_mysql/php_pdo_mysql_int.h +++ b/ext/pdo_mysql/php_pdo_mysql_int.h @@ -184,6 +184,9 @@ enum { #if MYSQL_VERSION_ID >= 80021 || defined(PDO_USE_MYSQLND) PDO_MYSQL_ATTR_LOCAL_INFILE_DIRECTORY, #endif +#ifdef PDO_USE_MYSQLND + PDO_MYSQL_ATTR_SEND_CLEAR_PASSWORD, +#endif }; #endif diff --git a/ext/pdo_mysql/tests/pdo_mysql_class_constants.phpt b/ext/pdo_mysql/tests/pdo_mysql_class_constants.phpt index 6413675aeb9bc..1ae27ff5485b2 100644 --- a/ext/pdo_mysql/tests/pdo_mysql_class_constants.phpt +++ b/ext/pdo_mysql/tests/pdo_mysql_class_constants.phpt 
@@ -49,6 +49,7 @@ if (!extension_loaded('mysqli') && !extension_loaded('mysqlnd')) { if (extension_loaded('mysqlnd')) { $expected['MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'] = true; $expected['MYSQL_ATTR_SERVER_PUBLIC_KEY'] = true; + $expected['MYSQL_ATTR_SEND_CLEAR_PASSWORD'] = true; } else if (get_client_version() > 50605) { $expected['MYSQL_ATTR_SERVER_PUBLIC_KEY'] = true; } From 93e650524b337894368516b6405fe3e750bad653 Mon Sep 17 00:00:00 2001 From: John Lindal Date: Fri, 4 Apr 2025 18:21:06 -0700 Subject: [PATCH 2/4] update mysqli test with new capability flag --- ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-filename.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-query-len-overflow.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-bit.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-date.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-double.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-float.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-int.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt | 2 +- ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-time.phpt | 2 +- ext/mysqli/tests/protocol_query_row_fetch_data.phpt | 2 +- ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt index 666f47f4199fb..3e5f90e08dc38 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-auth-message.phpt 
@@ -29,7 +29,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Malicious OK Auth Response [Extract heap through buffer over-read]: 0900000200000002000000fcff Warning: mysqli::__construct(): OK packet message length is past the packet size in %s on line %d diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt index 0883962321d20..c007ddc93f741 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-def.phpt 
@@ -35,7 +35,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Running query on the fake server... [*] Received: 140000000353454c454354202a2066726f6d207573657273 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-filename.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-filename.phpt index c397399a278a9..eee4a5e4f658a 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-filename.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-filename.phpt 
@@ -29,7 +29,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Running query on the fake server... [*] Received: 140000000353454c454354202a2066726f6d207573657273 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-query-len-overflow.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-query-len-overflow.phpt index 797acbedff9ad..8cebd9736f909 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-query-len-overflow.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-query-len-overflow.phpt 
@@ -35,7 +35,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Query the fake server... [*] Received: 200000000353454c4543542073747276616c2c2073747276616c2046524f4d2064617461 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-bit.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-bit.phpt index bf64bb62d1e66..f2f825702c966 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-bit.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-bit.phpt 
@@ -38,7 +38,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Preparing statement on the fake server... [*] Received: 200000001653454c4543542062697476616c2c2074696d76616c2046524f4d2064617461 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-date.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-date.phpt index 99a7381994ae8..ac727c3900e10 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-date.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-date.phpt 
@@ -38,7 +38,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Preparing statement on the fake server... [*] Received: 200000001653454c4543542073747276616c2c2064617476616c2046524f4d2064617461 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt index c6b9bd79fa981..2a20267961263 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-datetime.phpt 
@@ -38,7 +38,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Preparing statement on the fake server... [*] Received: 200000001653454c4543542073747276616c2c2064746976616c2046524f4d2064617461 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-double.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-double.phpt index 460321d2ee5d5..b9a2870ff9dbb 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-double.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-double.phpt 
@@ -38,7 +38,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Preparing statement on the fake server... [*] Received: 200000001653454c4543542073747276616c2c2064626c76616c2046524f4d2064617461 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-float.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-float.phpt index a1ea19bb4f6b7..31b82b9021a05 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-float.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-float.phpt 
@@ -38,7 +38,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Preparing statement on the fake server... [*] Received: 200000001653454c4543542073747276616c2c20666c7476616c2046524f4d2064617461 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-int.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-int.phpt index 839fadb21f0e2..52aef83efa9ba 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-int.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-int.phpt 
@@ -38,7 +38,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Preparing statement on the fake server... [*] Received: 200000001653454c4543542073747276616c2c20696e7476616c2046524f4d2064617461 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt index ce028483dec21..3936ab0ce19e2 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-no-space.phpt 
@@ -38,7 +38,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Preparing statement on the fake server... [*] Received: 200000001653454c4543542073747276616c2c2073747276616c2046524f4d2064617461 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt index bd12aee3ed153..c7bcacc14c764 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-string.phpt 
@@ -38,7 +38,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Preparing statement on the fake server... [*] Received: 170000001653454c454354206974656d2046524f4d206974656d73 diff --git a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-time.phpt b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-time.phpt index 6aa58898a8d55..4002baa12f966 100644 --- a/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-time.phpt +++ b/ext/mysqli/tests/ghsa-h35g-vwh6-m678-stmt-row-time.phpt 
@@ -38,7 +38,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Preparing statement on the fake server... [*] Received: 200000001653454c4543542073747276616c2c2074696d76616c2046524f4d2064617461 diff --git a/ext/mysqli/tests/protocol_query_row_fetch_data.phpt b/ext/mysqli/tests/protocol_query_row_fetch_data.phpt index 22f9712ef7fb0..7385295b98850 100644 --- a/ext/mysqli/tests/protocol_query_row_fetch_data.phpt +++ b/ext/mysqli/tests/protocol_query_row_fetch_data.phpt 
@@ -42,7 +42,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Received: 200000000353454c4543542073747276616c2c20696e7476616c2046524f4d2064617461 [*] Sending - Query execute data intval: 01000001023200000203646566087068705f74657374046461746104646174610673747276616c0673747276616c0ce000c8000000fd01100000003200000303646566087068705f746573740464617461046461746106696e7476616c06696e7476616c0c3f000b00000003011000000005000004fe0000220008000005047465737402313405000006fe00002200 diff --git a/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt b/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt index 6e689f9d2be5f..d3892369ac6ee 100644 --- a/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt +++ b/ext/mysqli/tests/protocol_stmt_row_fetch_data.phpt 
@@ -43,7 +43,7 @@ print "done!"; [*] Server started on 127.0.0.1:%d [*] Connection established [*] Sending - Server Greeting: 580000000a352e352e352d31302e352e31382d4d6172696144420003000000473e3f6047257c6700fef7080200ff81150000000000000f0000006c6b55463f49335f686c6431006d7973716c5f6e61746976655f70617373776f7264 -[*] Received: 6900000185a21a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 +[*] Received: 6900000185a23a00000000c0080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f7264002c0c5f636c69656e745f6e616d65076d7973716c6e640c5f7365727665725f686f7374093132372e302e302e31 [*] Sending - Server OK: 0700000200000002000000 [*] Received: 200000001653454c4543542073747276616c2c20696e7476616c2046524f4d2064617461 [*] Sending - Stmt prepare data intval: 0c0000010001000000020000000000003200000203646566087068705f74657374046461746104646174610673747276616c0673747276616c0ce000c8000000fd01100000003200000303646566087068705f746573740464617461046461746106696e7476616c06696e7476616c0c3f000b00000003011000000005000004fe00000200 From da49843e58f3f8237db6d84f733d582613ff4abc Mon Sep 17 00:00:00 2001 From: John Lindal Date: Thu, 10 Apr 2025 20:39:05 -0700 Subject: [PATCH 3/4] log mysqlnd protocol for testing --- ext/mysqlnd/mysqlnd_auth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c index fd8c7cb258419..909918f9369c6 100644 --- a/ext/mysqlnd/mysqlnd_auth.c +++ b/ext/mysqlnd/mysqlnd_auth.c @@ -72,7 +72,8 @@ mysqlnd_run_authentication( if (!requested_protocol) { goto end; } - +php_log_err_with_severity(requested_protocol, LOG_NOTICE); +php_log_err_with_severity((char*) plugin_data, LOG_NOTICE); do { struct st_mysqlnd_authentication_plugin * auth_plugin = conn->m->fetch_auth_plugin_by_name(requested_protocol); 
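Review bot: The two `php_log_err_with_severity()` calls added to `mysqlnd_run_authentication()` in patch 3/4 write handshake material to the PHP error log on every connection, and `plugin_data` is the server's binary auth-plugin data rather than text. Logged as a C string it stops at the first NUL and puts raw bytes into the log. This looks like temporary instrumentation (the subject says "for testing") and should be dropped before merge. If a trace is wanted, use mysqlnd's debug macros, e.g. `DBG_INF_FMT("requested_protocol=%s", requested_protocol);`, and log `plugin_data_len` rather than the bytes. The function continues outside the hunk.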
From c072f642dafcdcc04ede1ed9278fd3916cc1f61c Mon Sep 17 00:00:00 2001 From: John Lindal Date: Thu, 10 Apr 2025 21:45:35 -0700 Subject: [PATCH 4/4] print more debugging info --- ext/mysqlnd/mysqlnd_auth.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c index 909918f9369c6..ac1cce39c9ec5 100644 --- a/ext/mysqlnd/mysqlnd_auth.c +++ b/ext/mysqlnd/mysqlnd_auth.c @@ -78,6 +78,7 @@ php_log_err_with_severity((char*) plugin_data, LOG_NOTICE); struct st_mysqlnd_authentication_plugin * auth_plugin = conn->m->fetch_auth_plugin_by_name(requested_protocol); if (!auth_plugin) { +php_log_err_with_severity("auth plugin not found", LOG_NOTICE); if (first_call) { mnd_pefree(requested_protocol, FALSE); requested_protocol = mnd_pestrdup(MYSQLND_DEFAULT_AUTH_PROTOCOL, FALSE); @@ -113,6 +114,7 @@ php_log_err_with_severity((char*) plugin_data, LOG_NOTICE); passwd_len, plugin_data, plugin_data_len, session_options, conn->protocol_frame_codec->data, mysql_flags); +php_log_err_with_severity((char*) scrambled_data, LOG_NOTICE); } if (conn->error_info->error_no) {
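Review bot: `php_log_err_with_severity((char*) scrambled_data, LOG_NOTICE);` in the second hunk writes the client's authentication response to the error log. When the clear-password protocol from patch 1/4 is selected, that response is presumably the password itself, so every such connection would leave the credential in a log file. For hashing plugins the buffer is binary and, as far as this hunk shows, is not guaranteed to be NUL-terminated or non-NULL, so treating it as a string can also read past its end. The line should be removed; if the value must be traced during development, log only its length through the debug macros. The "auth plugin not found" message in the first hunk carries no secret but is likewise unindented debug output that belongs in `DBG_ERR`.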