Remove make_scrambled_password and make_scrambled_password_323 from mysql.h

2011-07-12 13:58:47 -04:00 · 2011-07-12 13:58:47 -04:00 · c606a777c1
commit c606a777c1
parent 0796115f4d
2 changed files with 130 additions and 16 deletions
--- a/mysql-dubious-exports.patch
+++ b/mysql-dubious-exports.patch
@ -2,10 +2,39 @@ Prefix mysql_ to the real names of several symbols that have to be exported
 from libmysqlclient because mysql-connector-odbc and/or PHP depend on them.
 This limits the intrusion on application namespace.

+Also, remove all traces of make_scrambled_password and
+make_scrambled_password_323, so that references to these functions draw
+compile-time warnings, per a suggestion from Paul Howarth in bug #690346.
+It doesn't seem worth trying to get rid of all the internal symbols exposed
+by mysql.h, but these two are relatively easy to get rid of.

-diff -Naur mysql-5.5.8.orig/include/errmsg.h mysql-5.5.8/include/errmsg.h
--- mysql-5.5.8.orig/include/errmsg.h	2010-12-03 12:58:24.000000000 -0500
-+++ mysql-5.5.8/include/errmsg.h	2010-12-27 14:29:59.184552374 -0500
+
+diff -Naur mysql-5.5.14.orig/client/mysqladmin.cc mysql-5.5.14/client/mysqladmin.cc
+--- mysql-5.5.14.orig/client/mysqladmin.cc	2011-06-21 12:42:41.000000000 -0400
+++ mysql-5.5.14/client/mysqladmin.cc	2011-07-12 12:19:59.578066771 -0400
+@@ -20,6 +20,7 @@
+ #include <my_pthread.h>				/* because of signal()	*/
+ #include <sys/stat.h>
+ #include <mysql.h>
+#include <password.h>       /* my_make_scrambled_password_323, my_make_scrambled_password */
+ #include <sql_common.h>
+ #include <welcome_copyright_notice.h>           /* ORACLE_WELCOME_COPYRIGHT_NOTICE */
+ 
+@@ -975,9 +976,9 @@
+           }
+         }
+         if (old)
+-          make_scrambled_password_323(crypted_pw, typed_password);
+          my_make_scrambled_password_323(crypted_pw, typed_password, strlen(typed_password));
+         else
+-          make_scrambled_password(crypted_pw, typed_password);
+          my_make_scrambled_password(crypted_pw, typed_password, strlen(typed_password));
+       }
+       else
+ 	crypted_pw[0]=0;			/* No password */
+diff -Naur mysql-5.5.14.orig/include/errmsg.h mysql-5.5.14/include/errmsg.h
+--- mysql-5.5.14.orig/include/errmsg.h	2011-06-21 12:42:39.000000000 -0400
+++ mysql-5.5.14/include/errmsg.h	2011-07-12 11:55:29.194204015 -0400
@@ -24,6 +24,7 @@
 #endif
 void	init_client_errs(void);
@ -14,10 +43,10 @@ diff -Naur mysql-5.5.8.orig/include/errmsg.h mysql-5.5.8/include/errmsg.h
 extern const char *client_errors[];	/* Error messages */
 #ifdef	__cplusplus
 }
-diff -Naur mysql-5.5.8.orig/include/my_sys.h mysql-5.5.8/include/my_sys.h
--- mysql-5.5.8.orig/include/my_sys.h	2010-12-03 12:58:24.000000000 -0500
-+++ mysql-5.5.8/include/my_sys.h	2010-12-27 14:27:23.956926896 -0500
-@@ -227,6 +227,7 @@
+diff -Naur mysql-5.5.14.orig/include/my_sys.h mysql-5.5.14/include/my_sys.h
+--- mysql-5.5.14.orig/include/my_sys.h	2011-06-21 12:42:39.000000000 -0400
+++ mysql-5.5.14/include/my_sys.h	2011-07-12 11:55:29.195231427 -0400
+@@ -223,6 +223,7 @@
 
 /* charsets */
 #define MY_ALL_CHARSETS_SIZE 2048
@ -25,7 +54,7 @@ diff -Naur mysql-5.5.8.orig/include/my_sys.h mysql-5.5.8/include/my_sys.h
 extern MYSQL_PLUGIN_IMPORT CHARSET_INFO *default_charset_info;
 extern MYSQL_PLUGIN_IMPORT CHARSET_INFO *all_charsets[MY_ALL_CHARSETS_SIZE];
 extern CHARSET_INFO compiled_charsets[];
-@@ -914,6 +915,9 @@
+@@ -900,6 +901,9 @@
 extern uint get_collation_number(const char *name);
 extern const char *get_charset_name(uint cs_number);
 
@ -35,9 +64,9 @@ diff -Naur mysql-5.5.8.orig/include/my_sys.h mysql-5.5.8/include/my_sys.h
 extern CHARSET_INFO *get_charset(uint cs_number, myf flags);
 extern CHARSET_INFO *get_charset_by_name(const char *cs_name, myf flags);
 extern CHARSET_INFO *get_charset_by_csname(const char *cs_name,
-diff -Naur mysql-5.5.8.orig/include/mysql.h.pp mysql-5.5.8/include/mysql.h.pp
--- mysql-5.5.8.orig/include/mysql.h.pp	2010-12-03 12:58:24.000000000 -0500
-+++ mysql-5.5.8/include/mysql.h.pp	2010-12-27 14:27:23.956926896 -0500
+diff -Naur mysql-5.5.14.orig/include/mysql.h.pp mysql-5.5.14/include/mysql.h.pp
+--- mysql-5.5.14.orig/include/mysql.h.pp	2011-06-21 12:42:39.000000000 -0400
+++ mysql-5.5.14/include/mysql.h.pp	2011-07-12 11:58:43.662068564 -0400
@@ -86,7 +86,7 @@
 void my_net_local_init(NET *net);
 void net_end(NET *net);
@ -47,10 +76,24 @@ diff -Naur mysql-5.5.8.orig/include/mysql.h.pp mysql-5.5.8/include/mysql.h.pp
 my_bool net_flush(NET *net);
 my_bool my_net_write(NET *net,const unsigned char *packet, size_t len);
 my_bool net_write_command(NET *net,unsigned char command,
-diff -Naur mysql-5.5.8.orig/include/mysql_com.h mysql-5.5.8/include/mysql_com.h
--- mysql-5.5.8.orig/include/mysql_com.h	2010-12-03 12:58:24.000000000 -0500
-+++ mysql-5.5.8/include/mysql_com.h	2010-12-27 14:27:23.957927198 -0500
-@@ -448,6 +448,7 @@
+@@ -128,13 +128,11 @@
+ double my_rnd(struct rand_struct *);
+ void create_random_string(char *to, unsigned int length, struct rand_struct *rand_st);
+ void hash_password(unsigned long *to, const char *password, unsigned int password_len);
+-void make_scrambled_password_323(char *to, const char *password);
+ void scramble_323(char *to, const char *message, const char *password);
+ my_bool check_scramble_323(const unsigned char *reply, const char *message,
+                            unsigned long *salt);
+ void get_salt_from_password_323(unsigned long *res, const char *password);
+ void make_password_from_salt_323(char *to, const unsigned long *salt);
+-void make_scrambled_password(char *to, const char *password);
+ void scramble(char *to, const char *message, const char *password);
+ my_bool check_scramble(const unsigned char *reply, const char *message,
+                        const unsigned char *hash_stage2);
+diff -Naur mysql-5.5.14.orig/include/mysql_com.h mysql-5.5.14/include/mysql_com.h
+--- mysql-5.5.14.orig/include/mysql_com.h	2011-06-21 12:42:39.000000000 -0400
+++ mysql-5.5.14/include/mysql_com.h	2011-07-12 11:58:52.166065391 -0400
+@@ -452,6 +452,7 @@
 void	my_net_local_init(NET *net);
 void	net_end(NET *net);
   void	net_clear(NET *net, my_bool clear_buffer);
@ -58,3 +101,69 @@ diff -Naur mysql-5.5.8.orig/include/mysql_com.h mysql-5.5.8/include/mysql_com.h
 my_bool net_realloc(NET *net, size_t length);
 my_bool	net_flush(NET *net);
 my_bool	my_net_write(NET *net,const unsigned char *packet, size_t len);
+@@ -533,14 +534,12 @@
+ void create_random_string(char *to, unsigned int length, struct rand_struct *rand_st);
+ 
+ void hash_password(unsigned long *to, const char *password, unsigned int password_len);
+-void make_scrambled_password_323(char *to, const char *password);
+ void scramble_323(char *to, const char *message, const char *password);
+ my_bool check_scramble_323(const unsigned char *reply, const char *message,
+                            unsigned long *salt);
+ void get_salt_from_password_323(unsigned long *res, const char *password);
+ void make_password_from_salt_323(char *to, const unsigned long *salt);
+ 
+-void make_scrambled_password(char *to, const char *password);
+ void scramble(char *to, const char *message, const char *password);
+ my_bool check_scramble(const unsigned char *reply, const char *message,
+                        const unsigned char *hash_stage2);
+diff -Naur mysql-5.5.14.orig/sql/password.c mysql-5.5.14/sql/password.c
+--- mysql-5.5.14.orig/sql/password.c	2011-06-21 12:42:40.000000000 -0400
+++ mysql-5.5.14/sql/password.c	2011-07-12 11:59:29.194068612 -0400
+@@ -154,23 +154,6 @@
+ 
+ 
+ /*
+-  Wrapper around my_make_scrambled_password_323() to maintain client lib ABI
+-  compatibility.
+-  In server code usage of my_make_scrambled_password_323() is preferred to
+-  avoid strlen().
+-  SYNOPSIS
+-    make_scrambled_password_323()
+-    to        OUT store scrambled password here
+-    password  IN  NULL-terminated string with user-supplied password
+-*/
+-
+-void make_scrambled_password_323(char *to, const char *password)
+-{
+-  my_make_scrambled_password_323(to, password, strlen(password));
+-}
+-
+-
+-/*
+     Scramble string with password.
+     Used in pre 4.1 authentication phase.
+   SYNOPSIS
+@@ -433,23 +416,6 @@
+   
+ 
+ /*
+-  Wrapper around my_make_scrambled_password() to maintain client lib ABI
+-  compatibility.
+-  In server code usage of my_make_scrambled_password() is preferred to
+-  avoid strlen().
+-  SYNOPSIS
+-    make_scrambled_password()
+-    buf       OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
+-    password  IN  NULL-terminated password string
+-*/
+-
+-void make_scrambled_password(char *to, const char *password)
+-{
+-  my_make_scrambled_password(to, password, strlen(password));
+-}
+-
+-
+-/*
+     Produce an obscure octet sequence from password and random
+     string, recieved from the server. This sequence corresponds to the
+     password, but password can not be easily restored from it. The sequence
--- a/mysql.spec
+++ b/mysql.spec
@ -1,6 +1,6 @@
 Name: mysql
 Version: 5.5.14
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: MySQL client programs and shared libraries
 Group: Applications/Databases
 URL: http://www.mysql.com
@ -611,6 +611,11 @@ fi
 %{_mandir}/man1/mysql_client_test.1*

 %changelog
+* Tue Jul 12 2011 Tom Lane <tgl@redhat.com> 5.5.14-2
+- Remove make_scrambled_password and make_scrambled_password_323 from mysql.h,
+  since we're not allowing clients to call those functions anyway
+Related: #690346
+
 * Mon Jul 11 2011 Tom Lane <tgl@redhat.com> 5.5.14-1
 - Update to MySQL 5.5.14, for various fixes described at
  http://dev.mysql.com/doc/refman/5.5/en/news-5-5-14.html