diff --git a/CHANGES b/CHANGES index 8b55c90438..4721c962b4 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,11 @@ +3.2.0-dev.985 | 2020-07-24 11:40:22 -0700 + + * MySQL: Fix EOF parsing logic bug. (Vlad Grigorescu) + + We were correctly NOT expecting an EOF, but because we were parsing the + header and then not parsing the rest, we would get out of sync + 3.2.0-dev.979 | 2020-07-24 09:03:06 -0700 * Implement EDNS Client Subnet Option (Ron Wellman) diff --git a/VERSION b/VERSION index 5489f38b3d..45f3eb647f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.2.0-dev.979 +3.2.0-dev.985 diff --git a/src/analyzer/protocol/mysql/mysql-protocol.pac b/src/analyzer/protocol/mysql/mysql-protocol.pac index 6b4128f967..a54246ef9c 100644 --- a/src/analyzer/protocol/mysql/mysql-protocol.pac +++ b/src/analyzer/protocol/mysql/mysql-protocol.pac @@ -273,7 +273,7 @@ type Command_Response(pkt_len: uint32) = case $context.connection.get_expectatio EXPECT_REST_OF_PACKET -> rest : bytestring &restofdata; EXPECT_STATUS -> status : Command_Response_Status; EXPECT_AUTH_SWITCH -> auth_switch : AuthSwitchRequest; - EXPECT_EOF -> eof : EOFIfLegacy; + EXPECT_EOF -> eof : EOFIfLegacy(pkt_len); default -> unknown : empty; }; @@ -333,9 +333,9 @@ type ColumnDefinitionOrEOF(pkt_len: uint32) = record { }; -type EOFIfLegacy = case $context.connection.get_deprecate_eof() of { +type EOFIfLegacy(pkt_len: uint32) = case $context.connection.get_deprecate_eof() of { false -> eof: EOF_Packet; - true -> none: empty; + true -> resultset: Resultset(pkt_len); } &let { update_result_seen: bool = $context.connection.set_results_seen(0); update_expectation: bool = $context.connection.set_next_expected(EXPECT_RESULTSET); diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.selects_with_new_proto/mysql.log b/testing/btest/Baseline/scripts.base.protocols.mysql.selects_with_new_proto/mysql.log new file mode 100644 index 0000000000..35d068330e --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.selects_with_new_proto/mysql.log @@ -0,0 +1,15 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path mysql +#open 2020-07-24-14-27-47 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg success rows response +#types time string addr port addr port string string bool count string +1595519112.556686 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 login root T 0 - +1595519112.570164 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 query select @@version_comment limit 1 T 0 - +1595519118.011034 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 query show databases T 0 - +1595519124.314569 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 query show tables from information_schema T 0 - +1595519133.500178 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 query show tables from mysql T 0 - +1595519139.608450 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 quit (empty) - - - +#close 2020-07-24-14-27-47 diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/out b/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/out index 87c86b0e0f..4e8d1c83f9 100644 --- a/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/out +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/out @@ -1,21 +1,26 @@ mysql ok, 0 mysql request, 3, select @@version_comment limit 1 mysql ok, 0 +mysql ok, 0 +mysql ok, 0 mysql result row, [Gentoo Linux mysql-5.0.54] mysql ok, 0 mysql request, 3, SELECT DATABASE() mysql ok, 0 +mysql ok, 0 mysql result row, [] mysql ok, 0 mysql request, 2, test mysql ok, 0 mysql request, 3, show databases mysql ok, 0 +mysql ok, 0 mysql result row, [information_schema] mysql result row, [test] mysql ok, 0 mysql request, 3, show tables mysql ok, 0 +mysql ok, 0 mysql result row, [agent] mysql ok, 0 mysql request, 4, agent\x00 @@ -28,6 +33,7 @@ mysql request, 3, insert into foo (animal, name) values ("cat", "Garfield") mysql ok, 1 mysql request, 3, select * from foo mysql ok, 0 +mysql ok, 0 mysql result row, [1, dog, Goofy] mysql result row, [2, cat, Garfield] mysql ok, 0 @@ -37,10 +43,12 @@ mysql request, 3, delete from foo where id = 1 mysql ok, 0 mysql request, 3, select count(*) from foo mysql ok, 0 +mysql ok, 0 mysql result row, [1] mysql ok, 0 mysql request, 3, select * from foo mysql ok, 0 +mysql ok, 0 mysql result row, [2, cat, Garfield] mysql ok, 0 mysql request, 3, delete from foo diff --git a/testing/btest/Traces/mysql/selects_with_new_proto.trace b/testing/btest/Traces/mysql/selects_with_new_proto.trace new file mode 100644 index 0000000000..5bf8fde5a1 Binary files /dev/null and b/testing/btest/Traces/mysql/selects_with_new_proto.trace differ diff --git a/testing/btest/scripts/base/protocols/mysql/selects_with_new_proto.test b/testing/btest/scripts/base/protocols/mysql/selects_with_new_proto.test new file mode 100644 index 0000000000..b2c0dd43a7 --- /dev/null +++ b/testing/btest/scripts/base/protocols/mysql/selects_with_new_proto.test @@ -0,0 +1,4 @@ +# @TEST-EXEC: zeek -b -r $TRACES/mysql/selects_with_new_proto.trace %INPUT +# @TEST-EXEC: btest-diff mysql.log + +@load base/protocols/mysql