Bug#27099029: UNLIMITED LENGTH OF THE PASSWORD

Description: my_crypt_genhash depends on the length of
             plaintext password. Longer the password,
             more is the time required to produce the
             transformation. An unusually large password
             may consume considerable amount of time.

Fix: Fixed length of plaintext password to 256 bytes for
     SHA256_PASSWORD authentication plugin. Restricted
     PASSWORD() to accept at max 256 bytes if old_passwords
     is set to 2.

Author: harinvadodaria

include/crypt_genhash_impl.h

@@ -1,3 +1,18 @@
+/* Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
 #ifndef CRYPT_HASHGEN_IMPL_H
 #define CRYPT_HASHGEN_IMPL_H
 #define	ROUNDS_DEFAULT	5000
@@ -13,6 +28,8 @@
                                  CRYPT_MAGIC_LENGTH + \
                                  CRYPT_PARAM_LENGTH)
 
+#define MAX_PLAINTEXT_LENGTH 256
+
 #include <stddef.h>
 #include <my_global.h>
 

sql/item_strfunc.cc

@@ -2192,6 +2192,11 @@ static int calculate_password(String *str, char *buffer)
 #if defined(HAVE_OPENSSL)
   if (old_passwords == 2)
   {
+    if (str->length() > MAX_PLAINTEXT_LENGTH)
+    {
+      my_error(ER_NOT_VALID_PASSWORD, MYF(0));
+      return 0;
+    }
     my_make_scrambled_password(buffer, str->ptr(),
                                str->length());
     buffer_len= (int) strlen(buffer) + 1;
@@ -2283,9 +2288,14 @@ char *Item_func_password::
 #if defined(HAVE_OPENSSL)
   else
   {
-    /* Allocate memory for the password scramble and one extra byte for \0 */
-    buff= (char *) thd->alloc(CRYPT_MAX_PASSWORD_SIZE + 1);
-    my_make_scrambled_password(buff, password, pass_len);
+    if (pass_len <= MAX_PLAINTEXT_LENGTH)
+    {
+      /* Allocate memory for the password scramble and one extra byte for \0 */
+      buff= (char *) thd->alloc(CRYPT_MAX_PASSWORD_SIZE + 1);
+      my_make_scrambled_password(buff, password, pass_len);
+    }
+    else
+      my_error(ER_NOT_VALID_PASSWORD, MYF(0));
   }
 #endif
   return buff;

sql/sql_acl.cc

@@ -66,6 +66,10 @@
         "$5$BVZy9O>'a+2MH]_?$fpWyabcdiHjfCVqId/quykZzjaA7adpkcen/uiQrtmOK4p4"
 #endif
 
+#if defined(HAVE_OPENSSL)
+#define SHA256_PASSWORD_MAX_PASSWORD_LENGTH MAX_PLAINTEXT_LENGTH
+#endif /* HAVE_OPENSSL */
+
 using std::min;
 using std::max;
 
@@ -5462,6 +5466,9 @@ int digest_password(THD *thd, LEX_USER *user_record)
   */
   if (user_record->plugin.str == sha256_password_plugin_name.str)
   {
+    if (user_record->password.length > SHA256_PASSWORD_MAX_PASSWORD_LENGTH)
+      return 1;
+
     char *buff=  (char *) thd->alloc(CRYPT_MAX_PASSWORD_SIZE+1);
     if (buff == NULL)
       return 1;
@@ -12621,6 +12628,9 @@ static int sha256_password_authenticate(MYSQL_PLUGIN_VIO *vio,
 #endif
   } // if(!my_vio_is_encrypter())
 
+  if (pkt_len > SHA256_PASSWORD_MAX_PASSWORD_LENGTH + 1)
+    DBUG_RETURN(CR_ERROR);
+
   /* A password was sent to an account without a password */
   if (info->auth_string_length == 0)
     DBUG_RETURN(CR_ERROR);