authentication to a sha256_password account fails over SSL #11440

Closed
weigon opened this issue Jun 12, 2023 · 1 comment

weigon commented Jun 12, 2023

Description

The following code:

mysql --user=root -e "CREATE USER sha256_19 IDENTIFIED WITH sha256_password BY '0123456789012345678'"
php -r 'mysqli_real_connect(mysqli_init(), "127.0.0.1", "sha256_19", "0123456789012345678", "", 6000, "", MYSQLI_CLIENT_SSL);' # throws

Resulted in this output:

PHP Fatal error:  Uncaught mysqli_sql_exception: Access denied for user 'sha256_19'@'localhost' (using password: YES) in Command line code:1
Stack trace:
#0 Command line code(1): mysqli_real_connect()
#1 {main}
  thrown in Command line code on line 1

But I expected this output instead:

Without forcing SSL it works:

php -r 'mysqli_real_connect(mysqli_init(), "127.0.0.1", "sha256_19", "0123456789012345678", "", 6000, "");'

PHP Version

PHP 8.1.2

Operating System

Ubuntu 22.04

Member

nielsdos commented Jun 12, 2023

Seems like an off-by-one in mysqlnd_sha256_auth_get_auth_data in the conn->vio->data->ssl case. If I add a NUL byte, then it works...
EDIT: this used to be a bug in another piece of code as well. Okay this seems simple to resolve.
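
The off-by-one described in the comment above, as an added C example that is not code from this thread or from php-src. The helper names are hypothetical, and the receiver is an assumed model that discards the final payload byte as the string terminator and compares cleartext instead of hashing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not the mysqlnd function): builds the payload sent
 * for a sha256_password account once the connection is already under TLS.
 * include_nul = 0 models the off-by-one, 1 models the NUL byte being added. */
static unsigned char *build_tls_auth_data(const char *passwd, size_t passwd_len,
                                          int include_nul, size_t *out_len)
{
    size_t len = passwd_len + (include_nul ? 1 : 0);
    unsigned char *buf = malloc(len ? len : 1);
    if (buf == NULL) return NULL;
    memcpy(buf, passwd, passwd_len);
    if (include_nul) buf[passwd_len] = '\0';
    *out_len = len;
    return buf;
}

/* Assumed receiver model: the payload is a NUL-terminated string, so the
 * last byte is dropped and the remainder is taken as the password. */
static int receiver_accepts(const unsigned char *pkt, size_t pkt_len,
                            const char *expected)
{
    if (pkt_len == 0) return 0;
    size_t n = pkt_len - 1;   /* strip the presumed terminator */
    return n == strlen(expected) && memcmp(pkt, expected, n) == 0;
}

/* Returns 1 if the login would be accepted, 0 if denied, -1 on allocation failure. */
static int try_login(const char *passwd, int include_nul)
{
    size_t len = 0;
    unsigned char *pkt = build_tls_auth_data(passwd, strlen(passwd), include_nul, &len);
    if (pkt == NULL) return -1;
    int ok = receiver_accepts(pkt, len, passwd);
    free(pkt);
    return ok;
}

int main(void)
{
    const char *pw = "0123456789012345678";   /* password from the report */
    printf("without NUL: %s\n", try_login(pw, 0) ? "accepted" : "denied");
    printf("with NUL:    %s\n", try_login(pw, 1) ? "accepted" : "denied");
    return 0;
}
```

Under this model the payload without the terminator loses its last password character on the receiving side, so the comparison fails even though the user supplied the correct password.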

nielsdos added a commit to nielsdos/php-src that referenced this issue Jun 12, 2023
…er SSL

This is similar to bug #78680, but that bug wasn't really fixed in all
places. This is the only remaining place.
nielsdos added a commit that referenced this issue Aug 2, 2023
* PHP-8.1:
  Fix GH-11440: authentication to a sha256_password account fails over SSL
nielsdos added a commit that referenced this issue Aug 2, 2023
* PHP-8.2:
  Fix GH-11440: authentication to a sha256_password account fails over SSL
jorgsowa pushed a commit to jorgsowa/php-src that referenced this issue Aug 16, 2023
…er SSL

This is similar to bug #78680, but that bug wasn't really fixed in all
places. This is the only remaining place.

Closes phpGH-11444.