ext/mysqlnd/mysqlnd_auth.c: Add error handling for invalid public key… #18663
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andr3y-k0v4l3v
requested review from
SakiTakamachi,
bukka and
kamil-tekiela
as code owners
… size Reported-by: Pavel Nekrasov <[email protected]> Signed-off-by: Andrey Kovalev <[email protected]>
andr3y-k0v4l3v
force-pushed
the
fix-key-handling-ext-mysqlnd-mysqlnd_auth
branch
from
d0018f8 to
2054da6
Compare
bukka
reviewed
Jun 2, 2025
There was a problem hiding this comment.
Just to clarify this is very unlikely to ever happen - it would have to be some buggy engine / provider maybe but even then I'm not sure if it's possible to fail on size here. The key is read from PEM using PEM_read_bio_PUBKEY so it should always provide a key that returns size. Anyway it won't probably hurt to do the check but no backport needed for this.
|
|
||
| int pkey_size = EVP_PKEY_size(server_public_key); | ||
|
|
||
| if (pkey_size <= 0) { |
There was a problem hiding this comment.
it's not issue to keep it like that if API ever changed but just to be clear that this will never overflow with the current OpenSSL versions. If it was 0, it would also fail on password check.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
… size
Reported-by: Pavel Nekrasov [email protected]