From 4d5c8c9177e238cf2e983e2d5fe440d8483f1af2 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Tue, 16 Jun 2026 16:17:16 -0400
Subject: [PATCH] Guard against short server scramble in sha256_password auth

mysqlnd_sha256_auth_get_auth_data() XORs SCRAMBLE_LENGTH bytes of the server-supplied scramble into the password without checking the scramble is at least that long, unlike the native and caching_sha2 plugins which reject a short scramble with CR_MALFORMED_PACKET. A server reporting a scramble shorter than 20 bytes shrinks the heap buffer the scramble is copied into, so the XOR reads past it. Add the same length guard the sibling plugins use.
---
 ext/mysqlnd/mysqlnd_auth.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
index ea9755c982ed..f5502cc99ed0 100644
--- a/ext/mysqlnd/mysqlnd_auth.c
+++ b/ext/mysqlnd/mysqlnd_auth.c
@@ -908,6 +908,11 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
 DBG_ENTER("mysqlnd_sha256_auth_get_auth_data");
 DBG_INF_FMT("salt(%zu)=[%.*s]", auth_plugin_data_len, (int) auth_plugin_data_len, auth_plugin_data);
+ if (auth_plugin_data_len < SCRAMBLE_LENGTH) {
+ SET_CLIENT_ERROR(conn->error_info, CR_MALFORMED_PACKET, UNKNOWN_SQLSTATE, "The server sent wrong length for scramble");
+ DBG_ERR_FMT("The server sent wrong length for scramble %zu. Expected %u", auth_plugin_data_len, SCRAMBLE_LENGTH);
+ DBG_RETURN(NULL);
+ }
 if (conn->vio->data->ssl) {
 DBG_INF("simple clear text under SSL");
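Review bot: The new length guard carries no comment explaining why a scramble shorter than SCRAMBLE_LENGTH is fatal, and the reason lives in a branch outside this hunk, so a later reader may be tempted to relax it; I would put `/* the non-TLS branch XORs SCRAMBLE_LENGTH bytes of the scramble into the password, so a shorter scramble would be read past the end of its buffer; reject it like the native and caching_sha2 plugins do */` directly above the `if`. The `DBG_ERR_FMT` line formats SCRAMBLE_LENGTH with `%u`; if that macro expands to a plain integer literal the specifier is mismatched (harmless in practice, but `%d` or an explicit cast would be exact), which is worth confirming against its definition. Given the visible `DBG_INF("simple clear text under SSL")`, the TLS path appears not to use the scramble at all, so the check is stricter than strictly required there; that seems the right call for consistency with the sibling plugins, and the comment should say that it is deliberate. Whether the caller treats a NULL return with error_info set as a hard failure cannot be seen here and should be checked. The body of mysqlnd_sha256_auth_get_auth_data continues past the end of the hunk.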