[MDEV-20110] libmysqlclient allows invalid plugin names Created: 2019-07-21 Updated: 2019-07-22 Resolved: 2019-07-22 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | libmariadb |
| Affects Version/s: | 5.5, 10.1 |
| Fix Version/s: | 5.5.65, 10.1.41 |
| Type: | Bug | Priority: | Blocker |
| Reporter: | Sergei Golubchik | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||
| Description |
|
During authentication the server tells client what plugin to load. The client does not sanitize plugin names as they're coming from the server. |
| Comments |
| Comment by Sergei Golubchik [ 2019-07-22 ] |
|
Commit 82563c5fc0a |