mysql client clear text authentication password should end with a 0x00 byte (#1216)

BillyYccc · web-flow · commit 492849769f00 · 2022-08-30T16:25:14.000+02:00
Signed-off-by: Billy Yuan &lt;billy112487983@gmail.com&gt;

Signed-off-by: Billy Yuan &lt;billy112487983@gmail.com&gt;
diff --git a/vertx-mysql-client/src/main/java/io/vertx/mysqlclient/impl/codec/ChangeUserCommandCodec.java b/vertx-mysql-client/src/main/java/io/vertx/mysqlclient/impl/codec/ChangeUserCommandCodec.java
@@ -42,7 +42,7 @@ void decodePayload(ByteBuf payload, int payloadLength) {
     int header = payload.getUnsignedByte(payload.readerIndex());
     switch (header) {
       case AUTH_SWITCH_REQUEST_STATUS_FLAG:
-        handleAuthSwitchRequest(cmd.password().getBytes(StandardCharsets.UTF_8), payload);
+        handleAuthSwitchRequest(cmd.password(), payload);
         break;
       case AUTH_MORE_DATA_STATUS_FLAG:
         handleAuthMoreData(cmd.password().getBytes(StandardCharsets.UTF_8), payload);
@@ -56,28 +56,28 @@ void decodePayload(ByteBuf payload, int payloadLength) {
     }
   }
 
-  private void handleAuthSwitchRequest(byte[] password, ByteBuf payload) {
+  private void handleAuthSwitchRequest(String password, ByteBuf payload) {
     // Protocol::AuthSwitchRequest
     payload.skipBytes(1); // status flag, always 0xFE
     String pluginName = BufferUtils.readNullTerminatedString(payload, StandardCharsets.UTF_8);
     authPluginData = new byte[NONCE_LENGTH];
     payload.readBytes(authPluginData);
-    byte[] authResponse;
     switch (pluginName) {
       case "mysql_native_password":
-        authResponse = Native41Authenticator.encode(password, authPluginData);
+        sendBytesAsPacket(Native41Authenticator.encode(password.getBytes(StandardCharsets.UTF_8), authPluginData));
         break;
       case "caching_sha2_password":
-        authResponse = CachingSha2Authenticator.encode(password, authPluginData);
+        sendBytesAsPacket(CachingSha2Authenticator.encode(password.getBytes(StandardCharsets.UTF_8), authPluginData));
         break;
       case "mysql_clear_password":
-        authResponse = password;
+        ByteBuf buffer = encoder.chctx.alloc().buffer();
+        BufferUtils.writeNullTerminatedString(buffer, password, StandardCharsets.UTF_8);
+        sendNonSplitPacket(buffer);
         break;
       default:
         encoder.handleCommandResponse(CommandResponse.failure(new UnsupportedOperationException("Unsupported authentication method: " + pluginName)));
         return;
     }
-    sendBytesAsPacket(authResponse);
   }
 
   private void sendChangeUserCommand() {
diff --git a/vertx-mysql-client/src/main/java/io/vertx/mysqlclient/impl/codec/InitialHandshakeCommandCodec.java b/vertx-mysql-client/src/main/java/io/vertx/mysqlclient/impl/codec/InitialHandshakeCommandCodec.java
@@ -173,7 +173,7 @@ private void handleAuthentication(ByteBuf payload) {
         handleErrorPacketPayload(payload);
         break;
       case AUTH_SWITCH_REQUEST_STATUS_FLAG:
-        handleAuthSwitchRequest(cmd.password().getBytes(StandardCharsets.UTF_8), payload);
+        handleAuthSwitchRequest(cmd.password(), payload);
         break;
       case AUTH_MORE_DATA_STATUS_FLAG:
         handleAuthMoreData(cmd.password().getBytes(StandardCharsets.UTF_8), payload);
@@ -183,28 +183,28 @@ private void handleAuthentication(ByteBuf payload) {
     }
   }
 
-  private void handleAuthSwitchRequest(byte[] password, ByteBuf payload) {
+  private void handleAuthSwitchRequest(String password, ByteBuf payload) {
     // Protocol::AuthSwitchRequest
     payload.skipBytes(1); // status flag, always 0xFE
     String pluginName = BufferUtils.readNullTerminatedString(payload, StandardCharsets.UTF_8);
     byte[] nonce = new byte[NONCE_LENGTH];
     payload.readBytes(nonce);
-    byte[] authResponse;
     switch (pluginName) {
       case "mysql_native_password":
-        authResponse = Native41Authenticator.encode(password, nonce);
+        sendBytesAsPacket(Native41Authenticator.encode(password.getBytes(StandardCharsets.UTF_8), nonce));
         break;
       case "caching_sha2_password":
-        authResponse = CachingSha2Authenticator.encode(password, nonce);
+        sendBytesAsPacket(CachingSha2Authenticator.encode(password.getBytes(StandardCharsets.UTF_8), nonce));
         break;
       case "mysql_clear_password":
-        authResponse = password;
+        ByteBuf buffer = encoder.chctx.alloc().buffer();
+        BufferUtils.writeNullTerminatedString(buffer, password, StandardCharsets.UTF_8);
+        sendNonSplitPacket(buffer);
         break;
       default:
         encoder.handleCommandResponse(CommandResponse.failure(new UnsupportedOperationException("Unsupported authentication method: " + pluginName)));
         return;
     }
-    sendBytesAsPacket(authResponse);
   }
 
   private void sendSslRequest() {
@@ -249,7 +249,10 @@ private void sendHandshakeResponseMessage(String username, String password, Stri
           authResponse = CachingSha2Authenticator.encode(password.getBytes(StandardCharsets.UTF_8), nonce);
           break;
         case "mysql_clear_password":
-          authResponse = password.getBytes(StandardCharsets.UTF_8);
+          ByteBuf buffer = encoder.chctx.alloc().heapBuffer();
+          BufferUtils.writeNullTerminatedString(buffer, password, StandardCharsets.UTF_8);
+          authResponse = new byte[buffer.readableBytes()];
+          buffer.readBytes(authResponse);
           break;
         default:
           LOGGER.warn("Unknown authentication method: " + authMethod + ", the client will try to use mysql_native_password instead.");
