Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix parsing of MySQL NUL Strings, where we now require it to have a NUL value at the end.

Browse source 
We don't pass that NUL to the script layer, so we moved away from bytestring_to_val for those.
This commit is contained in:
Vlad Grigorescu 2018-10-29 15:56:51 -05:00
parent 80c7f3f4e2
commit 6144ac536f
2 changed files with 17 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

32
src/analyzer/protocol/mysql/mysql-analyzer.pac
View file

@ -7,12 +7,12 @@ refine flow MySQL_Flow += {
{ {
if ( ${msg.version} == 10 ) if ( ${msg.version} == 10 )
BifEvent::generate_mysql_server_version(connection()->bro_analyzer(), BifEvent::generate_mysql_server_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.handshake10.server_version})); new StringVal(c_str(${msg.handshake10.server_version})));
if ( ${msg.version} == 9 ) if ( ${msg.version} == 9 )
BifEvent::generate_mysql_server_version(connection()->bro_analyzer(), BifEvent::generate_mysql_server_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.handshake9.server_version})); new StringVal(c_str(${msg.handshake9.server_version})));
} }
return true; return true;
%} %}
@ -26,12 +26,12 @@ refine flow MySQL_Flow += {
{ {
if ( ${msg.version} == 10 ) if ( ${msg.version} == 10 )
BifEvent::generate_mysql_handshake(connection()->bro_analyzer(), BifEvent::generate_mysql_handshake(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.v10_response.username})); new StringVal(c_str(${msg.v10_response.username})));
if ( ${msg.version} == 9 ) if ( ${msg.version} == 9 )
BifEvent::generate_mysql_handshake(connection()->bro_analyzer(), BifEvent::generate_mysql_handshake(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.v9_response.username})); new StringVal(c_str(${msg.v9_response.username})));
} }
return true; return true;
%} %}
@ -40,9 +40,9 @@ refine flow MySQL_Flow += {
%{ %{
if ( mysql_command_request ) if ( mysql_command_request )
BifEvent::generate_mysql_command_request(connection()->bro_analyzer(), BifEvent::generate_mysql_command_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.command}, ${msg.command},
bytestring_to_val(${msg.arg})); bytestring_to_val(${msg.arg}));
return true; return true;
%} %}
@ -50,9 +50,9 @@ refine flow MySQL_Flow += {
%{ %{
if ( mysql_error ) if ( mysql_error )
BifEvent::generate_mysql_error(connection()->bro_analyzer(), BifEvent::generate_mysql_error(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.code}, ${msg.code},
bytestring_to_val(${msg.msg})); bytestring_to_val(${msg.msg}));
return true; return true;
%} %}
@ -60,8 +60,8 @@ refine flow MySQL_Flow += {
%{ %{
if ( mysql_ok ) if ( mysql_ok )
BifEvent::generate_mysql_ok(connection()->bro_analyzer(), BifEvent::generate_mysql_ok(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.rows}); ${msg.rows});
return true; return true;
%} %}

2
src/analyzer/protocol/mysql/mysql-protocol.pac
View file

@ -151,7 +151,7 @@ enum Expected {
EXPECT_AUTH_SWITCH, EXPECT_AUTH_SWITCH,
}; };
type NUL_String = RE/[^\0]*/; type NUL_String = RE/[^\0]*\0/;
# MySQL PDU # MySQL PDU