password cipher fix

julienschmidt · julienschmidt · commit 7f86f42b671c · 2013-03-05T05:49:09.000+01:00
Fixes Issue #35
diff --git a/connection.go b/connection.go
@@ -20,7 +20,7 @@ type mysqlConn struct {
 	cfg          *config
 	flags        ClientFlag
 	charset      byte
-	scrambleBuff []byte
+	cipher       []byte
 	netConn      net.Conn
 	buf          *buffer
 	protocol     uint8
diff --git a/packets.go b/packets.go
@@ -33,15 +33,15 @@ func (mc *mysqlConn) readPacket() (data []byte, err error) {
 		return nil, driver.ErrBadConn
 	}
 
-	// Packet Length
+	// Packet Length [24 bit]
 	pktLen := uint32(data[0]) | uint32(data[1])<<8 | uint32(data[2])<<16
 
-	if pktLen == 0 {
+	if pktLen < 1 {
 		errLog.Print(errMalformPkt.Error())
 		return nil, driver.ErrBadConn
 	}
 
-	// Check Packet Sync
+	// Check Packet Sync [8 bit]
 	if data[3] != mc.sequence {
 		if data[3] > mc.sequence {
 			return nil, errPktSyncMul
@@ -51,7 +51,7 @@ func (mc *mysqlConn) readPacket() (data []byte, err error) {
 	}
 	mc.sequence++
 
-	// Read packet body
+	// Read packet body [pktLen bytes]
 	data = make([]byte, pktLen)
 	err = mc.buf.read(data)
 	if err == nil {
@@ -103,8 +103,8 @@ func (mc *mysqlConn) readInitPacket() (err error) {
 	// connection id [4 bytes]
 	pos := 1 + bytes.IndexByte(data[1:], 0x00) + 1 + 4
 
-	// first part of scramble buffer [8 bytes]
-	mc.scrambleBuff = data[pos : pos+8]
+	// first part of the password cipher [8 bytes]
+	mc.cipher = append(mc.cipher, data[pos:pos+8]...)
 
 	// (filler) always 0x00 [1 byte]
 	pos += 8 + 1
@@ -126,7 +126,11 @@ func (mc *mysqlConn) readInitPacket() (err error) {
 		// reserved (all [00]) [10 byte]
 		pos += 1 + 2 + 2 + 1 + 10
 
-		mc.scrambleBuff = append(mc.scrambleBuff, data[pos:len(data)-1]...)
+		// second part of the password cipher [12? bytes]
+		// The documentation is ambiguous about the length.
+		// The official Python library uses the fixed length 12
+		// which is not documented but seems to work.
+		mc.cipher = append(mc.cipher, data[pos:pos+12]...)
 
 		if data[len(data)-1] == 0 {
 			return
@@ -152,8 +156,8 @@ func (mc *mysqlConn) writeAuthPacket() error {
 	}
 
 	// User Password
-	scrambleBuff := scramblePassword(mc.scrambleBuff, []byte(mc.cfg.passwd))
-	mc.scrambleBuff = nil
+	scrambleBuff := scramblePassword(mc.cipher, []byte(mc.cfg.passwd))
+	mc.cipher = nil
 
 	pktLen := 4 + 4 + 1 + 23 + len(mc.cfg.user) + 1 + 1 + len(scrambleBuff)
 
diff --git a/utils.go b/utils.go
@@ -108,7 +108,7 @@ func scramblePassword(scramble, password []byte) []byte {
 	for i := range result {
 		result[i] = scrambleHash[i] ^ stage1Hash[i]
 	}
-	return result[0:]
+	return result
 }
 
 /******************************************************************************

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ func scramblePassword(scramble, password []byte) []byte {`
`108`	`108`	`for i := range result {`
`109`	`109`	`result[i] = scrambleHash[i] ^ stage1Hash[i]`
`110`	`110`	`}`
`111`		`- return result[0:]`
	`111`	`+ return result`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`/******************************************************************************`