[#MDEV-26159] maria 10.3 debian-sys-maint password may contain spaces

[MDEV-26159] maria 10.3 debian-sys-maint password may contain spaces Created: 2021-07-16 Updated: 2022-08-04
Status:	Open
Project:	MariaDB Server
Component/s:	None
Affects Version/s:	10.3.31, 10.3.32
Fix Version/s:	10.3

Type:

Bug

Priority:

Minor

Reporter:

Walter Doekes

Assignee:

Otto Kekäläinen

Resolution:

Unresolved

Votes:

Labels:

None

Description

In this piece of code:

https://github.com/MariaDB/server/blob/3fbe30024ff0b4e3f6e63027a988564a96b40bc6/debian/mariadb-server-10.3.postinst#L176

it says:

pass="`sed -n 's/^[     ]*password *= *// p' $dc | head -n 1`"

But if – for some reason – the password ends in whitespace, this whitespaces is included in the password later on:
https://github.com/MariaDB/server/blob/3fbe30024ff0b4e3f6e63027a988564a96b40bc6/debian/mariadb-server-10.3.postinst#L204

        "REPLACE INTO user SET " \

        "  host='localhost', user='debian-sys-maint', password=password('$pass'), " \

But all the mysql tools ignore this whitespace. So any attempt to log in using the debian.cnf fails.

Suggested fix:

pass="`sed -n 's/^[[:blank:]]*password[[:blank:]]*=[[:blank:]]*\([^[:blank:]]*\).*/\1/ p' $dc | head -n 1`"

Test:

# pass="`sed -n 's/^[     ]*password *= *// p' /etc/mysql/debian.cnf | head -n 1`"; echo "$pass" | cat -A

example_pass $

# pass="`sed -n 's/^[[:blank:]]*password[[:blank:]]*=[[:blank:]]*\([^[:blank:]]*\).*/\1/ p' /etc/mysql/debian.cnf | head -n 1`"; echo "$pass" | cat -A

example_pass$

Cheers,
Walter

P.S. 10.4+ is unaffected, as it uses passwordless login.

Comments

Comment by Anel Husakovic [ 2021-07-16 ]

otto FYI

Generated at Thu Feb 08 09:43:11 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-26159] maria 10.3 debian-sys-maint password may contain spaces Created: 2021-07-16 Updated: 2022-08-04