Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix parsing of MySQL NUL Strings, where we now require it to have a NUL value at the end.

Browse source 
We don't pass that NUL to the script layer, so we moved away from bytestring_to_val for those.
This commit is contained in:
Vlad Grigorescu 2018-10-29 15:56:51 -05:00
parent 80c7f3f4e2
commit 6144ac536f
2 changed files with 17 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

32
src/analyzer/protocol/mysql/mysql-analyzer.pac
View file

@ -7,12 +7,12 @@ refine flow MySQL_Flow += {
{
if ( ${msg.version} == 10 )
BifEvent::generate_mysql_server_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.handshake10.server_version}));
connection()->bro_analyzer()->Conn(),
new StringVal(c_str(${msg.handshake10.server_version})));
if ( ${msg.version} == 9 )
BifEvent::generate_mysql_server_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.handshake9.server_version}));
connection()->bro_analyzer()->Conn(),
new StringVal(c_str(${msg.handshake9.server_version})));
}
return true;
%}
@ -26,12 +26,12 @@ refine flow MySQL_Flow += {
{
if ( ${msg.version} == 10 )
BifEvent::generate_mysql_handshake(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.v10_response.username}));
connection()->bro_analyzer()->Conn(),
new StringVal(c_str(${msg.v10_response.username})));
if ( ${msg.version} == 9 )
BifEvent::generate_mysql_handshake(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${msg.v9_response.username}));
connection()->bro_analyzer()->Conn(),
new StringVal(c_str(${msg.v9_response.username})));
}
return true;
%}
@ -40,9 +40,9 @@ refine flow MySQL_Flow += {
%{
if ( mysql_command_request )
BifEvent::generate_mysql_command_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
${msg.command},
bytestring_to_val(${msg.arg}));
connection()->bro_analyzer()->Conn(),
${msg.command},
bytestring_to_val(${msg.arg}));
return true;
%}
@ -50,9 +50,9 @@ refine flow MySQL_Flow += {
%{
if ( mysql_error )
BifEvent::generate_mysql_error(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
${msg.code},
bytestring_to_val(${msg.msg}));
connection()->bro_analyzer()->Conn(),
${msg.code},
bytestring_to_val(${msg.msg}));
return true;
%}
@ -60,8 +60,8 @@ refine flow MySQL_Flow += {
%{
if ( mysql_ok )
BifEvent::generate_mysql_ok(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
${msg.rows});
connection()->bro_analyzer()->Conn(),
${msg.rows});
return true;
%}

2
src/analyzer/protocol/mysql/mysql-protocol.pac
View file

@ -151,7 +151,7 @@ enum Expected {
EXPECT_AUTH_SWITCH,
};
type NUL_String = RE/[^\0]*/;
type NUL_String = RE/[^\0]*\0/;
# MySQL PDU