diff options
author | Hadriel Kaplan <hadrielk@yahoo.com> | 2015-07-06 19:56:15 -0400 |
---|---|---|
committer | Hadriel Kaplan <hadrielk@yahoo.com> | 2015-07-07 01:00:51 +0000 |
commit | 5999b9701343614508a7802fbd7048202973a2b7 (patch) | |
tree | 6bbe606589109feba67cf624fa24b1e2fb2c8f32 /epan/dissectors | |
parent | 8ebf735c90a2960aa4b9d6c04bab0516ca17e84f (diff) |
MySQL: dissector adds packet content to INFO column without scrubbing it
Make the MYSQL protocol dissector scrub the strings from the packet content by
putting it through format_text() to remove/replace CR, LF, TAB, etc. The
fields affected are: query string, greeting version string, login username,
and login schema.
Bug: 11344
Change-Id: Ie1a593026c21720eecc77e7b3a7e63db11adf2a1
Reviewed-on: https://code.wireshark.org/review/9530
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-mysql.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/epan/dissectors/packet-mysql.c b/epan/dissectors/packet-mysql.c index 7ce25ccf36..b57f990ecf 100644 --- a/epan/dissectors/packet-mysql.c +++ b/epan/dissectors/packet-mysql.c @@ -40,6 +40,7 @@ #include <epan/packet.h> #include <epan/prefs.h> #include <epan/expert.h> +#include <epan/strutil.h> #include "packet-tcp.h" #include "packet-ssl-utils.h" @@ -881,7 +882,8 @@ mysql_dissect_greeting(tvbuff_t *tvb, packet_info *pinfo, int offset, /* version string */ lenstr = tvb_strsize(tvb,offset); - col_append_fstr(pinfo->cinfo, COL_INFO, " version=%s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, lenstr, ENC_ASCII|ENC_NA)); + col_append_fstr(pinfo->cinfo, COL_INFO, " version=%s", + format_text(tvb_get_ptr(tvb, offset, lenstr), lenstr-1)); proto_tree_add_item(greeting_tree, hf_mysql_version, tvb, offset, lenstr, ENC_ASCII|ENC_NA); conn_data->major_version = 0; @@ -1024,7 +1026,8 @@ mysql_dissect_login(tvbuff_t *tvb, packet_info *pinfo, int offset, /* User name */ lenstr = my_tvb_strsize(tvb, offset); - col_append_fstr(pinfo->cinfo, COL_INFO, " user=%s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, lenstr, ENC_ASCII|ENC_NA)); + col_append_fstr(pinfo->cinfo, COL_INFO, " user=%s", + format_text(tvb_get_ptr(tvb, offset, lenstr), lenstr-1)); proto_tree_add_item(login_tree, hf_mysql_user, tvb, offset, lenstr, ENC_ASCII|ENC_NA); offset += lenstr; @@ -1051,7 +1054,8 @@ mysql_dissect_login(tvbuff_t *tvb, packet_info *pinfo, int offset, return offset; } - col_append_fstr(pinfo->cinfo, COL_INFO, " db=%s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, lenstr, ENC_ASCII|ENC_NA)); + col_append_fstr(pinfo->cinfo, COL_INFO, " db=%s", + format_text(tvb_get_ptr(tvb, offset, lenstr), lenstr-1)); proto_tree_add_item(login_tree, hf_mysql_schema, tvb, offset, lenstr, ENC_ASCII|ENC_NA); offset += lenstr; @@ -1329,7 +1333,8 @@ mysql_dissect_request(tvbuff_t *tvb,packet_info *pinfo, int offset, lenstr = my_tvb_strsize(tvb, offset); proto_tree_add_item(req_tree, hf_mysql_query, tvb, offset, lenstr, ENC_ASCII|ENC_NA); if (mysql_showquery) { - col_append_fstr(pinfo->cinfo, COL_INFO, " { %s } ", tvb_get_string_enc(wmem_packet_scope(), tvb, offset, lenstr, ENC_ASCII|ENC_NA)); + col_append_fstr(pinfo->cinfo, COL_INFO, " { %s } ", + format_text(tvb_get_ptr(tvb, offset, lenstr), lenstr-1)); } offset += lenstr; conn_data->state = RESPONSE_TABULAR; |