From ae78429c08662550e71961c85aafa28fcbc7a880 Mon Sep 17 00:00:00 2001
From: pr-hung
Date: Wed, 11 Mar 2026 23:11:00 +0800
Subject: [PATCH] Fix potential vulnerability in cloned code (phx_percona/percona/sql/sql_acl.cc)
---
 phx_percona/percona/sql/sql_acl.cc | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/phx_percona/percona/sql/sql_acl.cc b/phx_percona/percona/sql/sql_acl.cc
index 0d243a0..ba48ce1 100644
--- a/phx_percona/percona/sql/sql_acl.cc
+++ b/phx_percona/percona/sql/sql_acl.cc
@@ -5208,6 +5208,9 @@ int digest_password(THD *thd, LEX_USER *user_record)
 */
 if (user_record->plugin.str == sha256_password_plugin_name.str)
 {
+ if (user_record->password.length > SHA256_PASSWORD_MAX_PASSWORD_LENGTH)
+ return 1;
+
 char *buff= (char *) thd->alloc(CRYPT_MAX_PASSWORD_SIZE+1);
 if (buff == NULL)
 return 1;
@@ -12368,6 +12371,9 @@ static int sha256_password_authenticate(MYSQL_PLUGIN_VIO *vio,
 #endif
 } // if(!my_vio_is_encrypter())
 
+ if (pkt_len > SHA256_PASSWORD_MAX_PASSWORD_LENGTH + 1)
+ DBUG_RETURN(CR_ERROR);
+
 /* A password was sent to an account without a password */
 if (info->auth_string_length == 0)
 DBUG_RETURN(CR_ERROR);
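Review bot: The new length guard in digest_password returns 1, the same value the `buff == NULL` allocation-failure path just below it returns, and nothing visible in the hunk reports a diagnostic, so an over-long password is indistinguishable from out-of-memory at this level. If the callers (outside this hunk) do not already raise an error on a non-zero return, the statement will fail without telling the administrator why; raise the error next to the check in that case. The guard also deserves a one-line comment stating its purpose, for example `/* Reject over-long input before it reaches the SHA-256 crypt hashing. */`, since the reason for the bound is not evident from the code. The body of digest_password starts and ends outside the hunk, so the call that consumes `buff` is not visible here.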
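Review bot: The `+ 1` in `pkt_len > SHA256_PASSWORD_MAX_PASSWORD_LENGTH + 1` is unexplained and differs from the plain `> SHA256_PASSWORD_MAX_PASSWORD_LENGTH` bound added in digest_password. Presumably it allows for a terminating NUL carried in the packet; once confirmed, say so in a comment such as `/* pkt_len counts the password's trailing '\0' */`. The check also sits after the `if(!my_vio_is_encrypter())` block has closed, so whatever that block does with the packet (its body is outside this hunk) runs on over-long input before the bound applies. If that block reads or transforms the packet, an equivalent bound belongs ahead of that work. Rejections here return the same CR_ERROR as the empty-auth-string case below, so a log line for oversized packets would let operators tell these attempts apart from ordinary login failures.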