[MDEV-39274] Document invariant ensuring passwd stays within packet bounds - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 13.0
Fix Version/s: 13.0.1
Component/s: Authentication and Privilege System
Labels:
None

Bug Category:
Not for Release Notes

Description

Problem:

If the username terminator is the last byte in the packet, passwd can reach the end of the packet buffer. The code then dereferences *passwd before checking bounds, leading to a potential out-of-bounds read, if the whole packet was never zero terminated by the lower layers.

Fix: Add a boundary check DEBUG_ASSERT before the dereference.

Attachments

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Georgi Kodinov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2026-04-07 10:05

Updated:: 2026-04-23 06:20

Resolved:: 2026-04-23 06:20

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.