dnrops
/
node-oracledb
mirror of https://github.com/oracle/node-oracledb
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed bug when connecting to databses using older 11g password verifiers

This commit is contained in:
Sharad Chandran R 2023-06-20 15:58:20 +05:30
parent f7b336dd4b
commit 8377cca488
2 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/src/release_notes.rst
View File

@ -11,6 +11,8 @@ node-oracledb `v6.0.2 <https://github.com/oracle/node-oracledb/compare/v6.0.1...
Thin Mode Changes
+++++++++++++++++
#) Fixed bug connecting to databases with older 11g password verifiers.
#) Fixed bug when the length of a chunk inside a chunked read spans packets.
`Issue #1576 <https://github.com/oracle/node-oracledb/issues/1576>`__.

34
lib/thin/protocol/encryptDecrypt.js
View File

@ -138,18 +138,30 @@ class EncryptDecrypt {
if (newPassword) {
newPasswordBytes = Buffer.from(newPassword, 'utf8');
}
let sessionKeyParta = this._decrypt(passwordHash, encodedServerKey);
let sessionKeyPartb = Buffer.alloc(32);
crypto.randomFillSync(sessionKeyPartb, 0, 32);
let encodedClientKey = this._encrypt(passwordHash, sessionKeyPartb);
authObj.sessionKey = encodedClientKey.slice().toString('hex').toUpperCase().slice(0, 64);
const sessionKeyParta = this._decrypt(passwordHash, encodedServerKey);
const sessionKeyPartb = Buffer.alloc(sessionKeyParta.length);
crypto.randomFillSync(sessionKeyPartb);
const encodedClientKey = this._encrypt(passwordHash, sessionKeyPartb);
iterations = Number(sessionData['AUTH_PBKDF2_SDER_COUNT']);
let mixingSalt = Buffer.from(sessionData['AUTH_PBKDF2_CSK_SALT'], 'hex');
let partABKey = Buffer.concat([sessionKeyPartb.slice(0, keyLen), sessionKeyParta.slice(0, keyLen)]);
let partABKeyStr = partABKey.toString('hex').toUpperCase();
let partABKeyBuffer = Buffer.from(partABKeyStr, 'utf8');
authObj.comboKey = crypto.pbkdf2Sync(partABKeyBuffer, mixingSalt, iterations, keyLen, 'sha512');
if (sessionKeyParta.length === 48) {
authObj.sessionKey = encodedClientKey.slice().toString('hex').toUpperCase().slice(0, 96);
const buf = Buffer.alloc(24);
for (let i = 16; i <= 40; i++) {
buf[i - 16] = sessionKeyParta[i] ^ sessionKeyPartb[i];
}
const part1 = crypto.createHash("md5").update(buf.subarray(0, 16)).digest();
const part2 = crypto.createHash("md5").update(buf.subarray(16)).digest();
authObj.comboKey = Buffer.concat([part1, part2]).slice(0, keyLen);
} else {
authObj.sessionKey = encodedClientKey.slice().toString('hex').toUpperCase().slice(0, 64);
const mixingSalt = Buffer.from(sessionData['AUTH_PBKDF2_CSK_SALT'], 'hex');
iterations = Number(sessionData['AUTH_PBKDF2_SDER_COUNT']);
const partABKey = Buffer.concat([sessionKeyPartb.slice(0, keyLen), sessionKeyParta.slice(0, keyLen)]);
const partABKeyStr = partABKey.toString('hex').toUpperCase();
const partABKeyBuffer = Buffer.from(partABKeyStr, 'utf8');
authObj.comboKey = crypto.pbkdf2Sync(partABKeyBuffer, mixingSalt,
iterations, keyLen, 'sha512');
}
let salt = Buffer.alloc(16);
if (!verifier11G) {