Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8084

OOB write in mysqladmin:mask_password

    XMLWordPrintable

Details

    Description

      If mysqladmin is called purely with options (e.g. mysqladmin -u root), mask_password (the process list password scrubber) gets called with empty argv and zero argc. This causes an OOB write to temp_argv (line 1218 below) that results in a segmentation fault crash of mysqladmin.

      Attached patch against MariaDB 5.5.42 fixes (similar can be applied to other affected branches).

      --mancha

      mariadb-5.5.42/client/mysqladmin.cc:

        1198  static char **mask_password(int argc, char ***argv)
        1199  {
        1200    char **temp_argv;
        1201    temp_argv= (char **)(my_malloc(sizeof(char *) * argc, MYF(MY_WME)));
        1202    argc--;
        1203    while (argc > 0)
        1204    {
        1205      temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
        1206      if (find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_PASSWORD ||
        1207          find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_OLD_PASSWORD)
        1208      {
        1209        char *start= (*argv)[argc];
        1210        while (*start)
        1211          *start++= 'x';
        1212        start= (*argv)[argc];
        1213        if (*start)
        1214          start[1]= 0;                         /* Cut length of argument */
        1215       }
        1216      argc--;
        1217    }
        1218    temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
        1219    return(temp_argv);
        1220  }

      Attachments

        Issue Links

          Activity

            People

              serg Sergei Golubchik
              mancha mancha
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.