--- mysql-3.22.30/sql/sql_parse.cc.orig	Thu Feb 10 15:17:24 2000
+++ mysql-3.22.30/sql/sql_parse.cc	Thu Feb 10 15:23:17 2000
@@ -17,6 +17,8 @@
 #include <m_ctype.h>
 #include <thr_alarm.h>
 
+#define SCRAMBLE_LENGTH 8
+
 extern int yyparse(void);
 extern "C" pthread_mutex_t THR_LOCK_keycache;
 
@@ -127,8 +129,9 @@
     end=strmov(buff,server_version)+1;
     int4store((uchar*) end,thd->thread_id);
     end+=4;
-    memcpy(end,thd->scramble,9);
-    end+=9;
+	memcpy(end,thd->scramble,SCRAMBLE_LENGTH+1);
+	end+=SCRAMBLE_LENGTH +1;
+
 #ifdef HAVE_COMPRESS
     int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
 #else
@@ -153,6 +156,8 @@
   if (!(thd->user = my_strdup((char*) net->read_pos+5, MYF(MY_FAE))))
     return(ER_OUT_OF_RESOURCES);
   char *passwd= strend((char*) net->read_pos+5)+1;
+  if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)
+	return ER_HANDSHAKE_ERROR;
   thd->master_access=acl_getroot(thd->host, thd->ip, thd->user,
 				 passwd, thd->scramble, &thd->priv_user,
 				 protocol_version == 9 ||