yubico-pam
yubico-pam copied to clipboard
Published
20 hours ago •
Yubico
Yubico
Mysql close connection after return
in util.c
while(!mysql_stmt_fetch(stmt))
{
if(bind[0].is_null_value)
{
D (debug_file, "mysql_stmt_fetch() failed");
}
else
{
if(otp_id != NULL){
if(int_data)
{
return AUTH_FOUND;
}
else
{
return AUTH_NOT_FOUND;
}
}
else if(otp_id == NULL)
{
if(int_data)
{
return AUTH_NOT_FOUND;
}
else
{
return AUTH_NO_TOKENS;
}
}
}
}
if(mysql_stmt_close(stmt))
{
if(verbose)
D (debug_file, "mysql_stmt_close() failed %s", mysql_stmt_error(stmt));
return retval;
}
mysql_close(con);
mysql_library_end();
Close connection is after the return.
In production mode with lot of users, that can cause too many connection quickly on the database.
I will propose a fix in a pull request.
hot fix would be :
if(mysql_stmt_close(stmt))
{
if(verbose)
D (debug_file, "mysql_stmt_close() failed %s", mysql_stmt_error(stmt));
return retval;
}
mysql_close(con);
mysql_library_end();
while(!mysql_stmt_fetch(stmt))
{
if(bind[0].is_null_value)
{
D (debug_file, "mysql_stmt_fetch() failed");
}
else
{
if(otp_id != NULL){
if(int_data)
{
return AUTH_FOUND;
}
else
{
return AUTH_NOT_FOUND;
}
}
else if(otp_id == NULL)
{
if(int_data)
{
return AUTH_NOT_FOUND;
}
else
{
return AUTH_NO_TOKENS;
}
}
}
}
But in case of errors before this, that can cause a security issue (DDOS).
