Bug #43439 Replication slave truncates MASTER_PASSWORD > 32 characters
Submitted: 6 Mar 2009 1:58
Modified: 24 Jun 2014 14:53
Reporter: Daniel Grace
Status: Closed
Category: MySQL Server: Replication
Severity: S3 (Non-critical)
Version: 5.0.51a-21-log (Debian), 4.1, 5.0, 5.1, 6.0 bzr
OS: Linux
Assigned to: Andrei Elkin
CPU Architecture: Any

[6 Mar 2009 1:58] Daniel Grace
Description:
Both slave and master are the same version.

When setting up replication, I decided to use an arbitrarily long (50 characters) randomly-generated password for the replication user account.  

The master server accepted this password for SET PASSWORD FOR 'repl'@'hostmask' TO PASSWORD('...');  In addition, I could connect to the master with this user from the mysql commandline client using this password.

However, after performing CHANGE MASTER TO MASTER_PASSWORD='...' on the slave, the slave was unable to connect (SHOW SLAVE STATUS consistently said "Connecting to master").  Examination of master.info showed that the slave only kept the first 32 characters of the password -- thus using the wrong password on its connection attempts.

Using a shorter (<32 character) password made everything work again.

How to repeat:
See above.

Suggested fix:
Either maintain the entire password on the slave, or fail with an error if the specified password is too long.
[6 Mar 2009 7:09] Sveta Smirnova
Thank you for the report.

Verified as described.
[6 Mar 2009 7:10] Sveta Smirnova
test case

Attachment: rpl_bug43439.test (application/octet-stream, text), 360 bytes.

[1 Sep 2011 20:35] Robert Miesen
This issue is still live as of v5.5.

What I find particularly disturbing is that this bug is not mentioned in the MySQL manual at all, let alone in section 15.1.1.3 (MySQL Reference Manual, version 5.5). If this bug is not going to be fixed anytime soon (it has been open for over two years now), please at least document this issue so that poor MySQL admins like myself don't waste 10+ hours of our life trying to set up a secure replication environment just to manually discover bug #43439.

Thank you in advance for your response!
[10 Feb 2012 15:19] Jon Stephens
I've updated http://dev.mysql.com/doc/refman/5.5/en/change-master-to.html and http://dev.mysql.com/doc/refman/5.5/en/set-password.html (and their equivalents in the other versions of the Manual) with some notes about this issue. 

Bug status unchanged.
[17 Mar 2014 5:58] tsubasa tanaka
I found this is not fixed in 5.6.16 yet.

At least, can it be made to create a warning?
[17 Mar 2014 5:59] tsubasa tanaka
Patch to create a warning.

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: 43439.patch (application/octet-stream, text), 690 bytes.

[1 Apr 2014 16:02] Andrei Elkin
Posted by developer:
 
The recommended way of fixing is an alternative of letting any lengthy password or to error out. I would like to error out, 'cos to let is somewhat heavier. Besides it would be for granted once we removed the FILE as slave repository type.

The contributed patch is almost good, but it offers to warn.
I am not keen on that 'cos it does no more than delay the inevitable error at START SLAVE.
So let's throw the error right away as originally suggested.
[2 Apr 2014 9:47] tsubasa tanaka
Hi,

Yes, you are right.
I modified my patch to error out over 32 characters and to rebase 5.6.17 with testcase.

Regards,
[2 Apr 2014 9:48] tsubasa tanaka
fix and testcase based on 5.6.17.

Attachment: bug_43439_2.patch (application/octet-stream, text), 1.63 KiB.

[24 Jun 2014 14:53] Jon Stephens
Fix documented in the 5.7.5 changelog, as follows:

    The maximum length that can be used for the password in a CHANGE
    MASTER TO statement is 32 characters. Previously, when a longer
    password was employed, any excess length was silently truncated
    by the server. Now when the password's length exceeds 32
    characters, CHANGE MASTER TO fails with an error.

Also updated "CHANGE MASTER TO Syntax" in the affected versions of the Manual.

Closed.

Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html
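
An added example, not part of the original bug thread or of MySQL's code: a Python pre-flight check that rejects a replication password over the 32-character limit before CHANGE MASTER TO is issued, and audits the contents of a master.info file for the silent truncation described in the report. The function names, the sample data and the position of the password on line 6 of master.info are assumptions of this example.

```python
import secrets
import string

MAX_REPL_PASSWORD_LEN = 32  # limit stated in the 5.7.5 changelog entry
# Assumption: master.info (FILE repository) starts with a line count, then
# Master_Log_File, Read_Master_Log_Pos, Master_Host, Master_User, Password.
PASSWORD_LINE = 6

def generate_repl_password(length=MAX_REPL_PASSWORD_LEN):
    """Random password that fits the limit (62 symbols x 32 chars is ~190 bits)."""
    if not 1 <= length <= MAX_REPL_PASSWORD_LEN:
        raise ValueError(f"length must be 1..{MAX_REPL_PASSWORD_LEN}")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def check_before_change_master(password):
    """Fail early on an over-long password instead of letting it be truncated."""
    if len(password) > MAX_REPL_PASSWORD_LEN:
        raise ValueError(
            f"replication password is {len(password)} characters; "
            f"CHANGE MASTER TO accepts at most {MAX_REPL_PASSWORD_LEN}")
    return password

def stored_password(master_info_text):
    """Extract the password line from the text of a master.info file."""
    lines = master_info_text.splitlines()
    if len(lines) < PASSWORD_LINE:
        raise ValueError("master.info is too short to contain a password line")
    return lines[PASSWORD_LINE - 1]

def audit_master_info(master_info_text, intended_password):
    """Return 'ok', 'truncated' or 'mismatch' for the password kept by the slave."""
    stored = stored_password(master_info_text)
    if stored == intended_password:
        return "ok"
    if (len(intended_password) > MAX_REPL_PASSWORD_LEN
            and stored == intended_password[:MAX_REPL_PASSWORD_LEN]):
        return "truncated"
    return "mismatch"

# Constructed sample: a 50-character password, as in the report, cut to 32 on
# disk. The file is abbreviated to its first eight lines; the host is made up.
SAMPLE_PASSWORD = "A1b2C3d4E5" * 5
SAMPLE_MASTER_INFO = "\n".join([
    "14", "mysql-bin.000001", "4", "master.example.test", "repl",
    SAMPLE_PASSWORD[:32], "3306", "60"])
```

On a slave that predates the fix, an audit result of `truncated` corresponds to the "Connecting to master" symptom in the original report.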