Merge branch 'PHP-7.4'

* PHP-7.4:
  Fixed bug #79011
  Fix memory leaks in mysqlnd debug functionality

Author: nikic

ext/mysqlnd/mysqlnd_auth.c

@@ -913,6 +913,12 @@ mysqlnd_caching_sha2_get_auth_data(struct st_mysqlnd_authentication_plugin * sel
 	DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, auth_plugin_data_len, auth_plugin_data);
 	*auth_data_len = 0;
 
+	if (auth_plugin_data_len < SCRAMBLE_LENGTH) {
+		SET_CLIENT_ERROR(conn->error_info, CR_MALFORMED_PACKET, UNKNOWN_SQLSTATE, "The server sent wrong length for scramble");
+		DBG_ERR_FMT("The server sent wrong length for scramble %u. Expected %u", auth_plugin_data_len, SCRAMBLE_LENGTH);
+		DBG_RETURN(NULL);
+	}
+
 	DBG_INF("First auth step: send hashed password");
 	/* copy scrambled pass*/
 	if (passwd && passwd_len) {
@@ -1020,7 +1026,7 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
 		char xor_str[passwd_len + 1];
 		memcpy(xor_str, passwd, passwd_len);
 		xor_str[passwd_len] = '\0';
-		mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
+		mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, SCRAMBLE_LENGTH);
 
 		server_public_key_len = RSA_size(server_public_key);
 		/*

ext/mysqlnd/mysqlnd_debug.c

@@ -697,6 +697,10 @@ MYSQLND_CLASS_METHODS_START(mysqlnd_debug)
 MYSQLND_CLASS_METHODS_END;
 
 
+static void free_ptr(zval *zv) {
+	efree(Z_PTR_P(zv));
+}
+
 /* {{{ mysqlnd_debug_init */
 PHPAPI MYSQLND_DEBUG *
 mysqlnd_debug_init(const char * skip_functions[])
@@ -708,7 +712,7 @@ mysqlnd_debug_init(const char * skip_functions[])
 	zend_stack_init(&ret->call_stack, sizeof(char *));
 	zend_stack_init(&ret->call_time_stack, sizeof(uint64_t));
 	zend_hash_init(&ret->not_filtered_functions, 0, NULL, NULL, 0);
-	zend_hash_init(&ret->function_profiles, 0, NULL, NULL, 0);
+	zend_hash_init(&ret->function_profiles, 0, NULL, free_ptr, 0);
 
 	ret->m = & mysqlnd_mysqlnd_debug_methods;
 	ret->skip_functions = skip_functions;