From bfeaecd0aa5f3c571b370b45d6cec61c174dd6d0 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Thu, 23 Jul 2020 11:51:18 -0500 Subject: [PATCH 1/3] MySQL: Fix parsing logic bug. We were correctly NOT expecting an EOF, but because we were parsing the header and then not parsing the rest, we would get out of sync --- src/analyzer/protocol/mysql/mysql-protocol.pac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/analyzer/protocol/mysql/mysql-protocol.pac b/src/analyzer/protocol/mysql/mysql-protocol.pac index 6b4128f967..a54246ef9c 100644 --- a/src/analyzer/protocol/mysql/mysql-protocol.pac +++ b/src/analyzer/protocol/mysql/mysql-protocol.pac @@ -273,7 +273,7 @@ type Command_Response(pkt_len: uint32) = case $context.connection.get_expectatio EXPECT_REST_OF_PACKET -> rest : bytestring &restofdata; EXPECT_STATUS -> status : Command_Response_Status; EXPECT_AUTH_SWITCH -> auth_switch : AuthSwitchRequest; - EXPECT_EOF -> eof : EOFIfLegacy; + EXPECT_EOF -> eof : EOFIfLegacy(pkt_len); default -> unknown : empty; }; @@ -333,9 +333,9 @@ type ColumnDefinitionOrEOF(pkt_len: uint32) = record { }; -type EOFIfLegacy = case $context.connection.get_deprecate_eof() of { +type EOFIfLegacy(pkt_len: uint32) = case $context.connection.get_deprecate_eof() of { false -> eof: EOF_Packet; - true -> none: empty; + true -> resultset: Resultset(pkt_len); } &let { update_result_seen: bool = $context.connection.set_results_seen(0); update_expectation: bool = $context.connection.set_next_expected(EXPECT_RESULTSET); From e9768ccb18bfcd720320119186e026d9fb810db0 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Thu, 23 Jul 2020 11:59:30 -0500 Subject: [PATCH 2/3] Update baselines --- .../Baseline/scripts.base.protocols.mysql.wireshark/out | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/out b/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/out index 87c86b0e0f..4e8d1c83f9 100644 --- a/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/out +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/out @@ -1,21 +1,26 @@ mysql ok, 0 mysql request, 3, select @@version_comment limit 1 mysql ok, 0 +mysql ok, 0 +mysql ok, 0 mysql result row, [Gentoo Linux mysql-5.0.54] mysql ok, 0 mysql request, 3, SELECT DATABASE() mysql ok, 0 +mysql ok, 0 mysql result row, [] mysql ok, 0 mysql request, 2, test mysql ok, 0 mysql request, 3, show databases mysql ok, 0 +mysql ok, 0 mysql result row, [information_schema] mysql result row, [test] mysql ok, 0 mysql request, 3, show tables mysql ok, 0 +mysql ok, 0 mysql result row, [agent] mysql ok, 0 mysql request, 4, agent\x00 @@ -28,6 +33,7 @@ mysql request, 3, insert into foo (animal, name) values ("cat", "Garfield") mysql ok, 1 mysql request, 3, select * from foo mysql ok, 0 +mysql ok, 0 mysql result row, [1, dog, Goofy] mysql result row, [2, cat, Garfield] mysql ok, 0 @@ -37,10 +43,12 @@ mysql request, 3, delete from foo where id = 1 mysql ok, 0 mysql request, 3, select count(*) from foo mysql ok, 0 +mysql ok, 0 mysql result row, [1] mysql ok, 0 mysql request, 3, select * from foo mysql ok, 0 +mysql ok, 0 mysql result row, [2, cat, Garfield] mysql ok, 0 mysql request, 3, delete from foo From f3c656ef17e4912800fe3063d665b999eadd23ad Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Fri, 24 Jul 2020 09:28:11 -0500 Subject: [PATCH 3/3] Add btest for GH-1084 --- .../mysql.log | 15 +++++++++++++++ .../Traces/mysql/selects_with_new_proto.trace | Bin 0 -> 5269 bytes .../protocols/mysql/selects_with_new_proto.test | 4 ++++ 3 files changed, 19 insertions(+) create mode 100644 testing/btest/Baseline/scripts.base.protocols.mysql.selects_with_new_proto/mysql.log create mode 100644 testing/btest/Traces/mysql/selects_with_new_proto.trace create mode 100644 testing/btest/scripts/base/protocols/mysql/selects_with_new_proto.test diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.selects_with_new_proto/mysql.log b/testing/btest/Baseline/scripts.base.protocols.mysql.selects_with_new_proto/mysql.log new file mode 100644 index 0000000000..35d068330e --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.selects_with_new_proto/mysql.log @@ -0,0 +1,15 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path mysql +#open 2020-07-24-14-27-47 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg success rows response +#types time string addr port addr port string string bool count string +1595519112.556686 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 login root T 0 - +1595519112.570164 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 query select @@version_comment limit 1 T 0 - +1595519118.011034 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 query show databases T 0 - +1595519124.314569 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 query show tables from information_schema T 0 - +1595519133.500178 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 query show tables from mysql T 0 - +1595519139.608450 CHhAvVGS1DHFjwGM9 192.168.205.133 47752 47.98.114.44 3306 quit (empty) - - - +#close 2020-07-24-14-27-47 diff --git a/testing/btest/Traces/mysql/selects_with_new_proto.trace b/testing/btest/Traces/mysql/selects_with_new_proto.trace new file mode 100644 index 0000000000000000000000000000000000000000..5bf8fde5a1d1d997cc4671606540eff8e8550e6d GIT binary patch literal 5269 zcmaJ_du&tJ89zxJ$FUt^=WP-ihewn02#?S-jFiT)ubm5iTzs!nU{h}$=O*#+tG*79 zcIrT)8k)9htI#G*Ag#2l`-7F0qP0TPhT5@>m4`G{`=e6&N7YSgHwh!Hos_L)zjLlH zi66DaiSGT*xxe#$zwdFr!-wx*d9{`pi2hq%CZq;0XMXLFuUJfEKc49z!sI7kULn@U zUiiUpO@t$4)bZXJ88hC0^7=1tzqEZSyY<=`>*t%#-TR6z{(0?E{^RcwQfsKcYN$1t z|GV_;2UK2DSJyz1Yd8}b#XB7uriRauw~`J*P8!Wi6qTY|KfiWnvH$gxK!5OT%Tm7a zZ4Ft|@_Aql1BQ+=Ee9O$GcAP@Egt~ylwe!R_hmGc7r$d7rvX4mnMTJ*C)4P1iAJZW zMncz8{)dM&mdqoAI|g^{Bo=^VXG}GRJ8em_{Ga7ovi!Yvimd(i?TZ{)|AIKPt$p_~ zl3Y-qOUS8cE`CgrGf`DNp3Y7){`1hOie-ObmW3)@6;mQU#lA4enfSC}c;}v>W_|vcl2zmBl=1Pw zCkBUhG|HJoG&hsZCXFXXhUMYi)=V}%n~f$JPCWymv3CAsl~@}fUCgupEAi~z&FAv( z()e)B>Bds5t}7)C>bIShLx{~g(z_xB%}eMi*MHB{#^v`M+m#0zVb04)FE}Ml2Bqf=h#?*A~}{$CPAq)5l_Z*&Yg6tZ(ps-!`g~D z_YrtlWIT*e4e5_!jsDX_UcoaRWjvfF-3;q|2@e_;csThM0tx?W`awk9v@!z_dztRU z+D9bJprG^;vJO`E1Qx`Dey1C@&8OnI1*fQFVX$+X(p1KN3mWzO2`d7(^2M(cPM!%rZW|> zXzBV%!5MoC&d@T)B)TWKfJ<_j)YzPogzhF!!GMPkaL{#Z`PC^K{TvPK=5zPEm{VJ*lJrNhy4&hWFF2v2)Ts@2vWa3Dj3rLhu;A3UzEyCl zT;x=vla9x;~dDzz2Cz3eyeba0q`~5osb6=8w1} zJ`@z~hy$BT5d6IR;Sv$aQNPAL;R?Il5*L<5P7*n_ACTSn41j!45-kW0vpeMX zYhaHOV%qfZRW3r1^-Xv`FC8`!(%68Nkw8#H0GeA0&oXyN;({X83_DuvnphUX{3P$^ zd>oZpb*U&}TT$ZO;u=Dlnz$gfz{9K*vB8=KF6iTfoCsGn8@Wji3M1@o^aEk&^YWbELxbTF{Y!5s%<;Y;H15?kE{G5nei3K3v$L>? zSCYp$KIoG@oS&084|eO*cf%Zl$jkd+$$H%q2tAzF74b`8G$cG73VYz}4fYkh0urd+ zs8fxP7$q{}95b8BW>{{)h(~oJ3Vwm8Ul#>9DU2|35;D+R*iYm{8iumO1q4~kPr>Ep zXsA7=6Qqd|Nt^XZTD1`2vPBPKP&4eC)O zg%3gb?Yi=ld{~OO{EdX{Fdg6yQ{re^@3i5Cx&=8VM?}Onj)PszAwl8;{1L1P(+$(#}lC6ODLB*uc$j{YYn+ zLmDB?c$a^5mB7Axnh}MeNZ8HEzHlfa(DeI83#&&34Siu3@)MD@x0Q*pN<#8tIhBL2 zQ9F|}whB_1{G_R{P{hl=ho>XfKV{dB%2mY!){U80ss=W5wThDL<3cn5bh1SBG~+#x zivsEkOevTJ-NnNq{6e*K(+?v-UJ~VyR}OG4F%srbXgq~l4z@VUD!0S6-i}r8#f8pi z*QSc46Pk22l~9fE(I{9|hF5(C$M3gk3s#CIs5xLlg!_DOF}&e#j)({Vmju~(MB=C{ zpvhJ~La7YaPx9Q;)K{Sv`h?P|IfaE2wi0YitnJ5ypx_|d1=>f`#GgqAQ0&&YZu&(TMUI=N$J6>U3d#9U0;m;>?{f_ zJ}hq+*j;Vs)B{rW^rXjI5%_)hD9E;|Z*>rXRYBgDz|Vpz zKxOP|(B4%P8;4y@MDhOw$*7uBvaD~z@x8W9lTw2gC{=6%%exE9VfWF(a^z@_Nlm1W z({-SDoki;gb(cNTn2RSB`FS`E$6Rmw!#6phL^HCg#L}s091G4hD>L-s4mJAPRzx{C zNR3l=aj{(Qs5Bwx7BULFy}>XK13}rwLPFE%{uiRVNBxo!g?{|C7>8b|;D literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/mysql/selects_with_new_proto.test b/testing/btest/scripts/base/protocols/mysql/selects_with_new_proto.test new file mode 100644 index 0000000000..b2c0dd43a7 --- /dev/null +++ b/testing/btest/scripts/base/protocols/mysql/selects_with_new_proto.test @@ -0,0 +1,4 @@ +# @TEST-EXEC: zeek -b -r $TRACES/mysql/selects_with_new_proto.trace %INPUT +# @TEST-EXEC: btest-diff mysql.log + +@load base/protocols/mysql