[MDEV-26159] maria 10.3 debian-sys-maint password may contain spaces - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Minor
Resolution: Unresolved
Affects Version/s: 10.3.31, 10.3.32
Fix Version/s: 10.3(EOL)
Component/s: None
Labels:
None

Description

In this piece of code:

https://github.com/MariaDB/server/blob/3fbe30024ff0b4e3f6e63027a988564a96b40bc6/debian/mariadb-server-10.3.postinst#L176

it says:

pass="`sed -n 's/^[     ]*password *= *// p' $dc | head -n 1`"

But if – for some reason – the password ends in whitespace, this whitespaces is included in the password later on:
https://github.com/MariaDB/server/blob/3fbe30024ff0b4e3f6e63027a988564a96b40bc6/debian/mariadb-server-10.3.postinst#L204

        "REPLACE INTO user SET " \

        "  host='localhost', user='debian-sys-maint', password=password('$pass'), " \

But all the mysql tools ignore this whitespace. So any attempt to log in using the debian.cnf fails.

Suggested fix:

pass="`sed -n 's/^[[:blank:]]*password[[:blank:]]*=[[:blank:]]*\([^[:blank:]]*\).*/\1/ p' $dc | head -n 1`"

Test:

# pass="`sed -n 's/^[     ]*password *= *// p' /etc/mysql/debian.cnf | head -n 1`"; echo "$pass" | cat -A

example_pass $

# pass="`sed -n 's/^[[:blank:]]*password[[:blank:]]*=[[:blank:]]*\([^[:blank:]]*\).*/\1/ p' /etc/mysql/debian.cnf | head -n 1`"; echo "$pass" | cat -A

example_pass$

Cheers,
Walter

P.S. 10.4+ is unaffected, as it uses passwordless login.

Attachments

Activity

People

Assignee:: Otto Kekäläinen

Reporter:: Walter Doekes

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021-07-16 07:53

Updated:: 2022-08-04 08:40

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.