1 files changed, 8 insertions, 2 deletions

diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
index 24c77220fc..14a65eed0d 100644
--- a/ext/mysqlnd/mysqlnd_auth.c
+++ b/ext/mysqlnd/mysqlnd_auth.c
@@ -806,7 +806,8 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
 
 		if (server_public_key) {
 			int server_public_key_len;
-			char xor_str[passwd_len + 1];
+			ALLOCA_FLAG(use_heap);
+			char *xor_str = do_alloca(passwd_len + 1, use_heap);
 			memcpy(xor_str, passwd, passwd_len);
 			xor_str[passwd_len] = '\0';
 			mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
@@ -819,6 +820,7 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
 			*/
 			if ((size_t) server_public_key_len - 41 <= passwd_len) {
 				/* password message is to long */
+				free_alloca(xor_str, use_heap);
 				SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
 				DBG_ERR("password is too long");
 				DBG_RETURN(NULL);
@@ -828,6 +830,7 @@ mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self
 			ret = malloc(*auth_data_len);
 			RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, ret, server_public_key, RSA_PKCS1_OAEP_PADDING);
 			RSA_free(server_public_key);
+			free_alloca(xor_str, use_heap);
 		}
 	}
 
@@ -1025,7 +1028,8 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
 
 	if (server_public_key) {
 		int server_public_key_len;
-		char xor_str[passwd_len + 1];
+		ALLOCA_FLAG(use_heap)
+		char *xor_str = do_alloca(passwd_len + 1, use_heap);
 		memcpy(xor_str, passwd, passwd_len);
 		xor_str[passwd_len] = '\0';
 		mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, SCRAMBLE_LENGTH);
@@ -1038,6 +1042,7 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
 		*/
 		if ((size_t) server_public_key_len - 41 <= passwd_len) {
 			/* password message is to long */
+			free_alloca(xor_str, use_heap);
 			SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
 			DBG_ERR("password is too long");
 			DBG_RETURN(0);
@@ -1045,6 +1050,7 @@ mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
 
 		*crypted = emalloc(server_public_key_len);
 		RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, *crypted, server_public_key, RSA_PKCS1_OAEP_PADDING);
+		free_alloca(xor_str, use_heap);
 		DBG_RETURN(server_public_key_len);
 	}
 	DBG_RETURN(0);