mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00

Fix parsing salt value for mysql. Fixes #596

dmiller
2016-11-29 22:35:51 +00:00
parent 30f41875d3
commit 636823622c
2 changed files with 5 additions and 1 deletions


@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*-
o [NSE][GH#596] Fix a bug in mysql.lua that caused authentication failures in
mysql-brute and other scripts due to including a null terminator in the salt
value. This bug affects Nmap 7.25BETA2 and later releases. [Daniel Miller]
o The --open option now implies --defeat-rst-ratelimit. This may result in
inaccuracies in the numbers of "Not shown:" closed and filtered ports, but
only in situations where it also speeds up scan times. [Daniel Miller]


@@ -149,7 +149,7 @@ function receiveGreeting( socket )
stdnse.debug2("reserved bytes are not nulls")
end
if response.capabilities & Capabilities.Support41Auth > 0 then
pos, tmp = bin.unpack("A" .. math.max(13, auth_plugin_len - 8), data, pos)
pos, tmp, _ = bin.unpack("A" .. (math.max(13, auth_plugin_len - 8) - 1) .. "x", data, pos)
response.salt = response.salt .. tmp
end
if response.extcapabilities & ExtCapabilities.SupportsAuthPlugins > 0 then
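Review bot: The unpack length on the changed line is derived from `auth_plugin_len`, which the server supplies in its greeting, and `tmp` is concatenated into `response.salt` on the next line without checking that the unpack succeeded. If the packet is shorter than the advertised length, `tmp` may come back nil (worth confirming against bin.unpack's behaviour), and the concatenation would then raise an error inside the library instead of failing cleanly; a guard such as `if not tmp then` before the concatenation, returning through the failure path receiveGreeting already uses, would cover it. The skipped `x` byte is assumed to be the terminator without being checked, so a comment like `-- last byte of scramble part 2 is a NUL terminator, not salt` would explain the `- 1`. The `_` in `pos, tmp, _ =` looks unnecessary and would create a global unless `_` is declared local earlier; receiveGreeting starts and ends outside this hunk, so that cannot be confirmed here.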