Guard against short server scramble in sha256_password auth

iliaal · iliaal · commit 4d5c8c9177e2 · 2026-06-16T16:17:16.000-04:00
mysqlnd_sha256_auth_get_auth_data() XORs SCRAMBLE_LENGTH bytes of the
server-supplied scramble into the password without checking the scramble
is at least that long, unlike the native and caching_sha2 plugins which
reject a short scramble with CR_MALFORMED_PACKET. A server reporting a
scramble shorter than 20 bytes shrinks the heap buffer the scramble is
copied into, so the XOR reads past it. Add the same length guard the
sibling plugins use.
diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
@@ -908,6 +908,11 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
 	DBG_ENTER("mysqlnd_sha256_auth_get_auth_data");
 	DBG_INF_FMT("salt(%zu)=[%.*s]", auth_plugin_data_len, (int) auth_plugin_data_len, auth_plugin_data);
 
+	if (auth_plugin_data_len < SCRAMBLE_LENGTH) {
+		SET_CLIENT_ERROR(conn->error_info, CR_MALFORMED_PACKET, UNKNOWN_SQLSTATE, "The server sent wrong length for scramble");
+		DBG_ERR_FMT("The server sent wrong length for scramble %zu. Expected %u", auth_plugin_data_len, SCRAMBLE_LENGTH);
+		DBG_RETURN(NULL);
+	}
 
 	if (conn->vio->data->ssl) {
 		DBG_INF("simple clear text under SSL");
