go-sniffer icon indicating copy to clipboard operation
go-sniffer copied to clipboard

Published 20 hours ago verified publisher icon 40t

当SQL语句太长的时候,sniffer会异常

Open chao opened this issue 6 years ago • 3 comments

例如,捕捉到一个有1000个参数的Insert的SQL语句的时候出错:

, @p906, @p907, @p908, @p909, @p910, @p911, @p912, @p913, @p914, @p915, @p916, @p917, @p918, @p919, @p920, @p921, @p922, @p923, @p924, @p925, @p926, @p927, @p928, @p929, @p930, @p931, @p932, @p933, @p934, @p935, @p936, @p937, @p938, @p939, @p940, @p941, @p942, @p943, @p944, @p945, @p946, @p947, @p948, @p949, @p950, @p951, @p952, @p953, @p954, @p955, @p956, @p957, @p958, @p959, @p960, @p961, @p962, @p963, @p964, @p965, @p966, @p967, @p968, @p969, @p970, @p971, @p972, @p973, @p974, @p975, @p976, @p977, @p978, @p979, @p980, @p981, @p982, @p983, @p984, @p985, @p986, @p987, @p988, @p989, @p990, @p991, @p992, @p993, @p994, @p995, @p996, @p997, @p998, @p999;
Drop stm id[4];

panic: runtime error: index out of range

goroutine 1411 [running]:
encoding/binary.binary.littleEndian.Uint32(...)
	/usr/local/go/src/encoding/binary/binary.go:63
github.com/40t/go-sniffer/plugSrc/mysql/build.LengthBinary(0xc4206d6c01, 0x32, 0x5ff, 0x9b47d8, 0xc420044c00)
	/root/go/src/github.com/40t/go-sniffer/plugSrc/mysql/build/util.go:41 +0xc2
github.com/40t/go-sniffer/plugSrc/mysql/build.(*stream).resolveServerPacket(0xc4200571c0, 0xc4206d6c00, 0x33, 0x600, 0x1)
	/root/go/src/github.com/40t/go-sniffer/plugSrc/mysql/build/entry.go:230 +0x2fc
github.com/40t/go-sniffer/plugSrc/mysql/build.(*stream).resolve(0xc4200571c0)
	/root/go/src/github.com/40t/go-sniffer/plugSrc/mysql/build/entry.go:194 +0xc0
created by github.com/40t/go-sniffer/plugSrc/mysql/build.(*Mysql).ResolveStream
	/root/go/src/github.com/40t/go-sniffer/plugSrc/mysql/build/entry.go:71 +0x3b8

chao avatar Dec 05 '18 06:12 chao

go-sniffer 查询语句,数据并没多少

cctse avatar Jan 07 '19 03:01 cctse

同上报错。实验环境是Ubuntu18.04+sqli-labs+php5.6

Start new stream: 127.0.0.1->127.0.0.1 53642->3306
Start new stream: 127.0.0.1->127.0.0.1 3306->53642
panic: runtime error: index out of range
goroutine 18 [running]:
github.com/40t/go-sniffer/plugSrc/mysql/build.(*stream).resolveClientPacket(0xc00041e000, 0xc00044a600, 0x0, 0x200, 0x3)
	/home/corp0ra1/go/src/github.com/40t/go-sniffer/plugSrc/mysql/build/entry.go:249 +0xcc7
github.com/40t/go-sniffer/plugSrc/mysql/build.(*stream).resolve(0xc00041e000)
	/home/corp0ra1/go/src/github.com/40t/go-sniffer/plugSrc/mysql/build/entry.go:192 +0x8a
created by github.com/40t/go-sniffer/plugSrc/mysql/build.(*Mysql).ResolveStream
	/home/corp0ra1/go/src/github.com/40t/go-sniffer/plugSrc/mysql/build/entry.go:71 +0x3b6

corp0ra1 avatar May 23 '19 09:05 corp0ra1

代码 pull 一下,麻烦check一下

40t avatar Jun 06 '19 11:06 40t