Fix auth_switch_request packet handling

auth_data contains last NUL. Fix #1666 Signed-off-by: Bes Dollma (bdollma) <bdollma@cisco.com>
go-sql-driver · Jan 29, 2025 · 341a5a5 · 341a5a5
1 parent 85c6311
commit 341a5a5
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 12 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -23,6 +23,7 @@ Ariel Mashraki <ariel at mashraki.co.il>
 Artur Melanchyk <artur.melanchyk@gmail.com>
 Asta Xie <xiemengjun at gmail.com>
 B Lamarche <blam413 at gmail.com>
+Bes Dollma <bdollma@thousandeyes.com>
 Brian Hendriks <brian at dolthub.com>
 Bulat Gaifullin <gaifullinbf at gmail.com>
 Caine Jette <jette at alum.mit.edu>
@@ -146,4 +147,5 @@ PingCAP Inc.
 Pivotal Inc.
 Shattered Silicon Ltd.
 Stripe Inc.
+ThousandEyes
 Zendesk Inc.
diff --git a/auth_test.go b/auth_test.go
@@ -734,9 +734,9 @@ func TestAuthSwitchCachingSHA256PasswordCached(t *testing.T) {
 
 	expectedReply := []byte{
 		// 1. Packet: Hash
-		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
-		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
-		153, 9, 130,
+		32, 0, 0, 3, 219, 72, 64, 97, 56, 197, 167, 203, 64, 236, 168, 80, 223,
+		56, 103, 217, 196, 176, 124, 60, 253, 41, 195, 10, 205, 190, 177, 206, 63,
+		118, 211, 69,
 	}
 	if !bytes.Equal(conn.written, expectedReply) {
 		t.Errorf("got unexpected data: %v", conn.written)
@@ -803,9 +803,9 @@ func TestAuthSwitchCachingSHA256PasswordFullRSA(t *testing.T) {
 
 	expectedReplyPrefix := []byte{
 		// 1. Packet: Hash
-		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
-		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
-		153, 9, 130,
+		32, 0, 0, 3, 219, 72, 64, 97, 56, 197, 167, 203, 64, 236, 168, 80, 223,
+		56, 103, 217, 196, 176, 124, 60, 253, 41, 195, 10, 205, 190, 177, 206, 63,
+		118, 211, 69,
 
 		// 2. Packet: Pub Key Request
 		1, 0, 0, 5, 2,
@@ -848,9 +848,9 @@ func TestAuthSwitchCachingSHA256PasswordFullRSAWithKey(t *testing.T) {
 
 	expectedReplyPrefix := []byte{
 		// 1. Packet: Hash
-		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
-		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
-		153, 9, 130,
+		32, 0, 0, 3, 219, 72, 64, 97, 56, 197, 167, 203, 64, 236, 168, 80, 223,
+		56, 103, 217, 196, 176, 124, 60, 253, 41, 195, 10, 205, 190, 177, 206, 63,
+		118, 211, 69,
 
 		// 2. Packet: Encrypted Password
 		0, 1, 0, 5, // [changing bytes]
@@ -891,9 +891,9 @@ func TestAuthSwitchCachingSHA256PasswordFullSecure(t *testing.T) {
 
 	expectedReply := []byte{
 		// 1. Packet: Hash
-		32, 0, 0, 3, 129, 93, 132, 95, 114, 48, 79, 215, 128, 62, 193, 118, 128,
-		54, 75, 208, 159, 252, 227, 215, 129, 15, 242, 97, 19, 159, 31, 20, 58,
-		153, 9, 130,
+		32, 0, 0, 3, 219, 72, 64, 97, 56, 197, 167, 203, 64, 236, 168, 80, 223,
+		56, 103, 217, 196, 176, 124, 60, 253, 41, 195, 10, 205, 190, 177, 206, 63,
+		118, 211, 69,
 
 		// 2. Packet: Cleartext password
 		7, 0, 0, 5, 115, 101, 99, 114, 101, 116, 0,

diff --git a/packets.go b/packets.go
@@ -510,6 +510,9 @@ func (mc *mysqlConn) readAuthResult() ([]byte, string, error) {
 		}
 		plugin := string(data[1:pluginEndIndex])
 		authData := data[pluginEndIndex+1:]
+		if len(authData) > 0 && authData[len(authData)-1] == 0 {
+			authData = authData[:len(authData)-1]
+		}
 		return authData, plugin, nil
 
 	default: // Error otherwise