Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Duplicate
-
Affects Version/s: 10.0.17, 5.5.42
-
Component/s: Scripts & Clients
-
Labels:None
-
Environment:Linux
Description
If mysqladmin is called purely with options (e.g. mysqladmin -u root), mask_password (the process list password scrubber) gets called with empty argv and zero argc. This causes an OOB write to temp_argv (line 1218 below) that results in a segmentation fault crash of mysqladmin.
Attached patch against MariaDB 5.5.42 fixes (similar can be applied to other affected branches).
--mancha
mariadb-5.5.42/client/mysqladmin.cc:
1198 static char **mask_password(int argc, char ***argv)
1199 {
1200 char **temp_argv;
1201 temp_argv= (char **)(my_malloc(sizeof(char *) * argc, MYF(MY_WME)));
1202 argc--;
1203 while (argc > 0)
1204 {
1205 temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
1206 if (find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_PASSWORD ||
1207 find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_OLD_PASSWORD)
1208 {
1209 char *start= (*argv)[argc];
1210 while (*start)
1211 *start++= 'x';
1212 start= (*argv)[argc];
1213 if (*start)
1214 start[1]= 0; /* Cut length of argument */
1215 }
1216 argc--;
1217 }
1218 temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
1219 return(temp_argv);
1220 }
Gliffy Diagrams
Attachments
Issue Links
- is duplicated by
-
MDEV-7883 Segmentation failure when running mysqladmin -u root -p
-
- Closed
-
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
Thanks!
We have just fixed it in 5.5.43, see
MDEV-7883