Skip to content

Handshake is now more resilient #474

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 62 commits into from
May 7, 2025
Merged

Handshake is now more resilient #474

merged 62 commits into from
May 7, 2025

Conversation

anarthal
Copy link
Collaborator

Errors issued by the server for caching_sha2_password users after a fast auth OK packet has been received (e.g. bad database errors) are now reported correctly
Handshake now correctly detects protocol violation errors, like double auth switches

close #469
close #468

anarthal added 30 commits April 25, 2025 21:29
@anarthal
Initial impl
70a6b59
@anarthal
hashed password now returned by value
9baa223
@anarthal
keep next_action_type
9610b85
@anarthal
use static_buffer constructor
30233c8
@anarthal
mnp ref
6b3be84
@anarthal
hash password are now standalone fns
18ab96d
@anarthal
Refactor the algo to be more strict with auth switches
b604a73
@anarthal
cleanup deserialize_handshake_server_response
0dda761
@anarthal
lcov_excl_line
46fdba0
@anarthal
make functions static members
2601ecf
@anarthal
refactor process_capabilities
228f2f1
@anarthal
remove hashed_password
554335a
@anarthal
new error code
2da22d5
@anarthal
Refactor repeated constants
0105779
@anarthal
bad_handshake_packet_type support code
decea91
@anarthal
static_buffer refactor
94e64ec
@anarthal
static_buffer data/size tests
f3341af
@anarthal
fix potential UB in append
df73022
@anarthal
csha2p hash password tests
1b19c42
@anarthal
mnp tests
c336981
@anarthal
handshake utilities to separate file
46780f4
@anarthal
split mnp
d3c7043
@anarthal
Recovered check for more data in mnp
bd3b682
@anarthal
split csha2p
4dc7cd5
@anarthal
include cleanup
af68703
@anarthal
fastok fastok
db15873
@anarthal
fastok fullauth
ea6f753
@anarthal
fastok authswitch
3a5d669
@anarthal
moredata
bd6636d
@anarthal
reformulate fullauth err
614f7c7
anarthal added 27 commits April 27, 2025 21:08
@anarthal
split capability tests
7edff5e
@anarthal
split connection state data
49dbcfa
@anarthal
move & cleanup handshake tests
6404b03
@anarthal
jamfile/cmake
17ba556
@anarthal
Fixed an issue with doubly setting the seqnum
aeb8f94
@anarthal
Remove use_ssl
250686b
@anarthal
Re-enable bad DB caching_sha2_password integ tests
5a2a329
@anarthal
unit test rearrengement
830b4a7
@anarthal
handshake now resets state on failure
6f14934
@anarthal
hello errors
c0ccfe3
@anarthal
initial response err
1c39039
@anarthal
auth switch tests
7951264
@anarthal
unknown auth plugin
b84b6ce
@anarthal
auth switch to itself
6e7e678
@anarthal
authswitch after more data
265d600
@anarthal
db_flavor after more_data
4ccd908
@anarthal
move connection status to connection_state_data tests
8da59ee
@anarthal
network errors
22f8540
@anarthal
fix typo in fuzzer
904cafe
@anarthal
missing include
72a5eb1
@anarthal
remove some TODOs
a2150b5
@anarthal
Remove make_string_view
43a9412
@anarthal
lcov excl line
f73e34d
@anarthal
update test suite name
7152720
@anarthal
move hash tsts
76e06d4
@anarthal
missing includes
edd676c
@anarthal
Merge branch 'develop' into feature/469-handshake-hardening
40af68a
@codecov Codecov
Copy link

codecov bot commented May 7, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 99.39759% with 1 line in your changes missing coverage. Please review.

Project coverage is 99.15%. Comparing base (6839555) to head (40af68a).
Report is 1 commits behind head on develop.

Files with missing lines Patch % Lines
...ude/boost/mysql/impl/internal/sansio/handshake.hpp 98.87% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff            @@
##           develop     #474   +/-   ##
========================================
  Coverage    99.14%   99.15%           
========================================
  Files          142      143    +1     
  Lines         7278     7297   +19     
========================================
+ Hits          7216     7235   +19     
  Misses          62       62
Files with missing lines Coverage Δ
include/boost/mysql/client_errc.hpp 100.00% <ø> (ø)
include/boost/mysql/impl/error_categories.ipp 98.78% <100.00%> (+0.03%) ⬆️
...t/mysql/impl/internal/protocol/deserialization.hpp 97.31% <100.00%> (-0.39%) ⬇️
...ost/mysql/impl/internal/protocol/static_buffer.hpp 100.00% <100.00%> (ø)
...sql/impl/internal/sansio/caching_sha2_password.hpp 100.00% <100.00%> (ø)
...sql/impl/internal/sansio/connection_state_data.hpp 100.00% <100.00%> (ø)
...sql/impl/internal/sansio/mysql_native_password.hpp 100.00% <100.00%> (ø)
include/boost/mysql/impl/is_fatal_error.ipp 100.00% <100.00%> (ø)
...ude/boost/mysql/impl/internal/sansio/handshake.hpp 99.23% <98.87%> (+0.95%) ⬆️

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6839555...40af68a. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@anarthal anarthal merged commit 90405e7 into develop May 7, 2025
6 checks passed
@anarthal anarthal deleted the feature/469-handshake-hardening branch May 7, 2025 11:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handshake hardening Incorrect error message with caching_sha2_password user triggers a non-password error during handshake
1 participant
@anarthal