From 1d4d3536e3397709e7aa3717e13120d682d448fe Mon Sep 17 00:00:00 2001
From: nnposter
Date: Thu, 8 Oct 2020 17:56:18 +0000
Subject: [PATCH] Fix off-by-one bug when parsing MySQL EOF packet. Fixes #2128
---
 CHANGELOG | 3 +++
 nselib/mysql.lua | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index d5afda1bb..15361412a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,9 @@
 o [NSE][GH#2136][GH#2137] Rectify error "time result cannot be represented..." in the AFP library. [Clément Notin]
+o [NSE][GH#2128] MySQL library was not properly parsing server responses,
+ resulting in script crashes. [nnposter]
+
 o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for the audit rule base. [nnposter]
diff --git a/nselib/mysql.lua b/nselib/mysql.lua
index 2e84431b5..67dcdc279 100644
--- a/nselib/mysql.lua
+++ b/nselib/mysql.lua
@@ -384,7 +384,7 @@ function decodeQueryResponse( socket )
 -- Is this the EOF packet?
 if b == EOF_MARKER then
 -- we don't want the EOF Packet included
- block_end = pos - HEADER_SIZE
+ block_end = pos - HEADER_SIZE - 1
 pos = pos + header.len
 break
 end
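Review bot: The new `- 1` in `block_end = pos - HEADER_SIZE - 1` is unexplained; the comment above it says only that the EOF packet is excluded, not how the offset is derived. Presumably `pos` has already moved past the marker byte read into `b`, so the subtraction must cover that byte as well as the header; if that is right, record it, e.g. `-- pos is already past the marker byte: back up over it and the packet header`. Because this parser consumes whatever the scanned server sends, it is also worth confirming outside the hunk that `pos = pos + header.len` cannot push `pos` beyond the received data, and that `b == EOF_MARKER` is paired with a packet-length check, since the MySQL protocol also allows the EOF marker value as the first byte of a length-encoded integer. decodeQueryResponse begins and ends outside the hunk.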