Fix auth_switch_request packet handling

bdollma-te · web-flow · commit 341a5a524683 · 2025-01-29T14:59:01.000+09:00
auth_data contains last NUL. Fix #1666 Signed-off-by: Bes Dollma (bdollma) <bdollma@cisco.com>
diff --git a/AUTHORS b/AUTHORS
@@ -23,6 +23,7 @@ Ariel Mashraki <ariel at mashraki.co.il>
 Artur Melanchyk <artur.melanchyk@gmail.com>
 Asta Xie <xiemengjun at gmail.com>
 B Lamarche <blam413 at gmail.com>
+Bes Dollma <bdollma@thousandeyes.com>
 Brian Hendriks <brian at dolthub.com>
 Bulat Gaifullin <gaifullinbf at gmail.com>
 Caine Jette <jette at alum.mit.edu>
@@ -146,4 +147,5 @@ PingCAP Inc.
 Pivotal Inc.
 Shattered Silicon Ltd.
 Stripe Inc.
+ThousandEyes
 Zendesk Inc.
diff --git a/auth_test.go b/auth_test.go
@@ -734,9 +734,9 @@ func TestAuthSwitchCachingSHA256PasswordCached(t *testing.T) {
 
 	expectedReply := []byte{
 		// 1. Packet: Hash
-		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
-		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
-		153, 9, 130,
+		32, 0, 0, 3, 219, 72, 64, 97, 56, 197, 167, 203, 64, 236, 168, 80, 223,
+		56, 103, 217, 196, 176, 124, 60, 253, 41, 195, 10, 205, 190, 177, 206, 63,
+		118, 211, 69,
 	}
 	if !bytes.Equal(conn.written, expectedReply) {
 		t.Errorf("got unexpected data: %v", conn.written)
@@ -803,9 +803,9 @@ func TestAuthSwitchCachingSHA256PasswordFullRSA(t *testing.T) {
 
 	expectedReplyPrefix := []byte{
 		// 1. Packet: Hash
-		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
-		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
-		153, 9, 130,
+		32, 0, 0, 3, 219, 72, 64, 97, 56, 197, 167, 203, 64, 236, 168, 80, 223,
+		56, 103, 217, 196, 176, 124, 60, 253, 41, 195, 10, 205, 190, 177, 206, 63,
+		118, 211, 69,
 
 		// 2. Packet: Pub Key Request
 		1, 0, 0, 5, 2,
@@ -848,9 +848,9 @@ func TestAuthSwitchCachingSHA256PasswordFullRSAWithKey(t *testing.T) {
 
 	expectedReplyPrefix := []byte{
 		// 1. Packet: Hash
-		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
-		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
-		153, 9, 130,
+		32, 0, 0, 3, 219, 72, 64, 97, 56, 197, 167, 203, 64, 236, 168, 80, 223,
+		56, 103, 217, 196, 176, 124, 60, 253, 41, 195, 10, 205, 190, 177, 206, 63,
+		118, 211, 69,
 
 		// 2. Packet: Encrypted Password
 		0, 1, 0, 5, // [changing bytes]
@@ -891,9 +891,9 @@ func TestAuthSwitchCachingSHA256PasswordFullSecure(t *testing.T) {
 
 	expectedReply := []byte{
 		// 1. Packet: Hash
-		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
-		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
-		153, 9, 130,
+		32, 0, 0, 3, 219, 72, 64, 97, 56, 197, 167, 203, 64, 236, 168, 80, 223,
+		56, 103, 217, 196, 176, 124, 60, 253, 41, 195, 10, 205, 190, 177, 206, 63,
+		118, 211, 69,
 
 		// 2. Packet: Cleartext password
 		7, 0, 0, 5, 115, 101, 99, 114, 101, 116, 0,
diff --git a/packets.go b/packets.go
@@ -510,6 +510,9 @@ func (mc *mysqlConn) readAuthResult() ([]byte, string, error) {
 		}
 		plugin := string(data[1:pluginEndIndex])
 		authData := data[pluginEndIndex+1:]
+		if len(authData) > 0 && authData[len(authData)-1] == 0 {
+			authData = authData[:len(authData)-1]
+		}
 		return authData, plugin, nil
 
 	default: // Error otherwise

Original file line number	Diff line number	Diff line change
`@@ -510,6 +510,9 @@ func (mc *mysqlConn) readAuthResult() ([]byte, string, error) {`
`510`	`510`	`}`
`511`	`511`	`plugin := string(data[1:pluginEndIndex])`
`512`	`512`	`authData := data[pluginEndIndex+1:]`
	`513`	`+ if len(authData) > 0 && authData[len(authData)-1] == 0 {`
	`514`	`+ authData = authData[:len(authData)-1]`
	`515`	`+ }`
`513`	`516`	`return authData, plugin, nil`
`514`	`517`
`515`	`518`	`default: // Error otherwise`