Merge remote-tracking branch 'origin/topic/vladg/mysql_nul_string_fix'

* origin/topic/vladg/mysql_nul_string_fix: Add a test with an encrypted MySQL connection Fix parsing of MySQL NUL Strings, where we now require it to have a NUL value at the end.
2025-10-13 20:18:20 +00:00 · 2018-10-30 09:59:44 -05:00 · 2018-10-30 09:59:44 -05:00 · 8c02aa5211
commit 8c02aa5211
parent 80c7f3f4e2 b0638dbdcf
7 changed files with 32 additions and 18 deletions
--- a/src/analyzer/protocol/mysql/mysql-analyzer.pac
+++ b/src/analyzer/protocol/mysql/mysql-analyzer.pac
@ -7,12 +7,12 @@ refine flow MySQL_Flow += {
 			{
 			if ( ${msg.version} == 10 )
 				BifEvent::generate_mysql_server_version(connection()->bro_analyzer(),
-														connection()->bro_analyzer()->Conn(),
-														bytestring_to_val(${msg.handshake10.server_version}));
+				                                        connection()->bro_analyzer()->Conn(),
+				                                        new StringVal(c_str(${msg.handshake10.server_version})));
 			if ( ${msg.version} == 9 )
 				BifEvent::generate_mysql_server_version(connection()->bro_analyzer(),
-														connection()->bro_analyzer()->Conn(),
-														bytestring_to_val(${msg.handshake9.server_version}));
+				                                        connection()->bro_analyzer()->Conn(),
+				                                        new StringVal(c_str(${msg.handshake9.server_version})));
 			}
 		return true;
 		%}
@ -26,12 +26,12 @@ refine flow MySQL_Flow += {
 			{
 			if ( ${msg.version} == 10 )
 				BifEvent::generate_mysql_handshake(connection()->bro_analyzer(),
-									    		   connection()->bro_analyzer()->Conn(),
-													bytestring_to_val(${msg.v10_response.username}));
+				                                   connection()->bro_analyzer()->Conn(),
+				                                   new StringVal(c_str(${msg.v10_response.username})));
 			if ( ${msg.version} == 9 )
 				BifEvent::generate_mysql_handshake(connection()->bro_analyzer(),
-									    		   connection()->bro_analyzer()->Conn(),
-								    	    	   bytestring_to_val(${msg.v9_response.username}));
+				                                   connection()->bro_analyzer()->Conn(),
+				                                   new StringVal(c_str(${msg.v9_response.username})));
 			}
 		return true;
 		%}
@ -40,9 +40,9 @@ refine flow MySQL_Flow += {
 		%{
 		if ( mysql_command_request )
 			BifEvent::generate_mysql_command_request(connection()->bro_analyzer(),
-													 connection()->bro_analyzer()->Conn(),
-													 ${msg.command},
-													 bytestring_to_val(${msg.arg}));
+			                                         connection()->bro_analyzer()->Conn(),
+			                                         ${msg.command},
+			                                         bytestring_to_val(${msg.arg}));
 		return true;
 		%}

@ -50,9 +50,9 @@ refine flow MySQL_Flow += {
 		%{
 		if ( mysql_error )
 			BifEvent::generate_mysql_error(connection()->bro_analyzer(),
-										   connection()->bro_analyzer()->Conn(),
-										   ${msg.code},
-										   bytestring_to_val(${msg.msg}));
+			                               connection()->bro_analyzer()->Conn(),
+			                               ${msg.code},
+			                               bytestring_to_val(${msg.msg}));
 		return true;
 		%}

@ -60,8 +60,8 @@ refine flow MySQL_Flow += {
 		%{
 		if ( mysql_ok )
 			BifEvent::generate_mysql_ok(connection()->bro_analyzer(),
-										connection()->bro_analyzer()->Conn(),
-										${msg.rows});
+			                            connection()->bro_analyzer()->Conn(),
+			                            ${msg.rows});
 		return true;
 		%}