From 1ac863c7573d12012374d5d41e5c7dc5505ea6e1 Mon Sep 17 00:00:00 2001
From: Madhura Jayaratne <madhura.cj@gmail.com>
Date: Tue, 2 Dec 2014 21:20:59 +0530
Subject: [PATCH 1/1] bug #4611 [security] DOS attack with long passwords

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
---
 ChangeLog                                             |  1 +
 libraries/common.inc.php                              |  5 +++++
 libraries/plugins/AuthenticationPlugin.class.php      |  9 +++++++++
 libraries/plugins/auth/AuthenticationCookie.class.php | 10 ++++++++++
 4 files changed, 25 insertions(+)

diff --git a/libraries/common.inc.php b/libraries/common.inc.php
index 2227c1e..5cea823 100644
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -859,6 +859,9 @@ if (! defined('PMA_MINIMUM_COMMON')) {
                 . ' ' . $cfg['Server']['auth_type']
             );
         }
+        if (isset($_REQUEST['pma_password'])) {
+            $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256);
+        }
         include_once  './libraries/plugins/auth/' . $auth_class . '.class.php';
         // todo: add plugin manager
         $plugin_manager = null;
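Review bot: The 256-byte cap added at L22–L24 is applied only to `$_REQUEST['pma_password']`, so any login path that reads the password from `$_POST` or `$_GET` directly would still receive the untruncated value; which superglobal the cookie plugin reads is not visible in this hunk and should be confirmed. The literal 256 also carries no explanation at its point of use, and a why-comment would help the next reader, e.g. `// Bug #4611: cap the submitted password length so an oversized value cannot be used to exhaust the server during login`. Note that `substr` counts bytes, so a multibyte password straddling the cut is truncated mid-character — acceptable for a length guard, but worth stating next to the constant. The enclosing `if (! defined('PMA_MINIMUM_COMMON'))` block starts and ends outside the hunk.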
@@ -988,6 +991,8 @@ if (! defined('PMA_MINIMUM_COMMON')) {
             $controllink = $userlink;
         }
 
+        $auth_plugin->storeUserCredentials();
+
         /* Log success */
         PMA_logUser($cfg['Server']['user']);
 
diff --git a/libraries/plugins/AuthenticationPlugin.class.php b/libraries/plugins/AuthenticationPlugin.class.php
index 3ddf55e..7943d2c 100644
--- a/libraries/plugins/AuthenticationPlugin.class.php
+++ b/libraries/plugins/AuthenticationPlugin.class.php
@@ -42,6 +42,15 @@ abstract class AuthenticationPlugin extends PluginObserver
     abstract public function authSetUser();
 
     /**
+     * Stores user credentials after successful login.
+     *
+     * @return void
+     */
+    public function storeUserCredentials()
+    {
+    }
+
+    /**
      * User is not allowed to login to MySQL -> authentication failed
      *
      * @return boolean
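Review bot: The docblock on the new `storeUserCredentials()` at L45–L48 describes what an override is expected to do but not that this base implementation is intentionally empty and exists so that plugins with nothing to persist need not override it. I would extend it to: `Stores user credentials after successful login. The base implementation is a no-op; plugins that persist credentials (e.g. the cookie plugin) override it. Called from common.inc.php once the MySQL connection has been established.` The statement about the call site is grounded in the common.inc.php hunk, where the call is placed after `$controllink = $userlink;` and before the login is logged. The enclosing class `AuthenticationPlugin` starts before this hunk.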
diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php
index e21471c..68cb5d4 100644
--- a/libraries/plugins/auth/AuthenticationCookie.class.php
+++ b/libraries/plugins/auth/AuthenticationCookie.class.php
@@ -557,6 +557,16 @@ class AuthenticationCookie extends AuthenticationPlugin
         unset($_SERVER['PHP_AUTH_PW']);
 
         $_SESSION['last_access_time'] = time();
+    }
+
+    /**
+     * Stores user credentials after successful login.
+     *
+     * @return void
+     */
+    public function storeUserCredentials()
+    {
+        global $cfg;
 
         $this->createBlowfishIV();
 
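Review bot: The new `storeUserCredentials()` starting at L72 is public and reads its inputs from global state (`global $cfg;` at L74) rather than taking arguments, so its result depends on `authSetUser()` having already run in the same request — a caller invoking it earlier, or a second time, would persist whatever `$cfg` holds at that moment. That ordering contract is not documented; the docblock at L67–L71 should state that it must be called only after `authSetUser()` and after the MySQL connection has succeeded, and name the `$cfg` entries it reads (only `global $cfg;` is visible here, the body continues past the hunk). Also note that L62 unsets `$_SERVER['PHP_AUTH_PW']` inside `authSetUser()`, so the password this method stores cannot come from there; presumably it is read from `$cfg['Server']['password']` — confirm against the rest of the method. `authSetUser()` begins before this hunk and `storeUserCredentials()` ends after it.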
-- 
2.1.4

