Commit 796d2f29 authored by SZ Lin (林上智)'s avatar SZ Lin (林上智)

Import openvas-libraries_9.0.1.orig.tar.gz

parent 514d103e
openvas-libraries 9.0.1 (2017-03-07)
This is the first maintenance release of the openvas-libraries 9.0
module for the Open Vulnerability Assessment System 9 (OpenVAS-9).
Many thanks to everyone who contributed to this release:
Hani Benhabiles and Timo Pollmeier.
Main changes compared to 9.0.0:
* Support for virtual hosts using TLS SNI has been added.
* SSL handshake handling has been improved.
* Error logging has been improved.
* Several memory management issues have been addressed.
* Support for hostnames without public domain in TLS certificates has
been added.
* Support for running NVTs with keys with multiple values has been added
to openvas-nasl.
openvas-libraries 9.0.0 (2016-11-09)
This is the first release of the openvas-libraries 9.0 module for the Open
......
......@@ -96,7 +96,7 @@ set (CPACK_PACKAGE_VERSION_MAJOR "9")
set (CPACK_PACKAGE_VERSION_MINOR "0")
# Use this scheme for stable releases:
set (CPACK_PACKAGE_VERSION_PATCH "0${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION_PATCH "1${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
# Use this scheme for +betaN and +rcN releases:
#set (CPACK_PACKAGE_VERSION_PATCH "+beta1${SVN_REVISION}")
......
2017-03-07 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-libraries 9.0.1 release.
* CHANGES: Updated.
2017-02-15 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r27650.
* nasl/nasl_crypto.c (nasl_ntlm2_response, nasl_ntlm_response): Fix
possible segfaults.
(nasl_nt_owf_gen, nasl_lm_owf_gen): Fix error messages.
2017-02-08 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r27489.
* nasl/nasl.c (main): Fork before executing each plugin. This fixes
early exit of the main openvas-nasl process when running plug_get_key()
on a key with multiple values.
2017-01-30 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r26904.
* nasl/nasl_cert.c (build_hostname_list): Remove restriction on adding
CN values without a dot.
2017-01-27 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r27373.
* misc/prefs.c (prefs_set): Fix possible use-after-free when old and
value point to the same data.
2017-01-17 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r27220.
* omp/xml.c (try_read_entity_and_string_s): Fix memory leak.
2016-12-09 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r26877.
* nasl/nasl_socket.c (nasl_close_socket): Improve close() error logging.
2016-11-22 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r26704 and r26707.
* misc/network.c (socket_negotiate_ssl, open_stream_connection_ext):
Check Host/SNI/$Port/force_disable before setting the SNI.
2016-11-16 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r26683.
* misc/network.c (open_SSL_connection): Don't fail the handshake upon receiving a
non-fatal alert like unrecognized name.
2016-11-15 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r26648.
* misc/network.c (is_ip_address): New function.
(open_SSL_connection): Don't use hostname if it is an IP address.
2016-11-11 Timo Pollmeier <timo.pollmeier@greenbone.net>
Backport r26628.
* base/openvas_file.c (openvas_export_file_name): Move format_state = 0
assignment so it doesn't overwrite values set in the switch case block.
2016-11-09 Michael Wiegand <michael.wiegand@greenbone.net>
Post release version bump.
* CMakeLists.txt: Set version to 9.0.1.
2016-11-09 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Preparing the openvas-libraries 9.0.0 release.
......
......@@ -345,6 +345,7 @@ openvas_export_file_name (const char* fname_format, const char* username,
}
else if (format_state == 1)
{
format_state = 0;
switch (*fname_point)
{
case 'C':
......@@ -390,7 +391,6 @@ openvas_export_file_name (const char* fname_format, const char* username,
__FUNCTION__, *fname_point);
format_state = -1;
}
format_state = 0;
}
fname_point += sizeof (char);
}
......
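Review bot: The relocated `format_state = 0;` at the top of the `format_state == 1` branch is now load-bearing: it has to run before the switch so that the `format_state = -1;` assigned in the error case (second hunk) survives into the next iteration's check, and nothing in the code says so, which invites a later tidy-up to move it back. A one-line comment makes the ordering explicit, e.g. `/* Reset first; the error case in the switch below overrides this with -1. */`. openvas_export_file_name starts and ends outside these hunks, so the loop condition that consumes the -1 is not visible here.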
......@@ -586,6 +586,18 @@ cleanup:
return result;
}
static int
is_ip_address (const char *str)
{
struct sockaddr_in sa;
struct sockaddr_in6 sa6;
if (inet_pton (AF_INET, str, &(sa.sin_addr)) == 1)
return 1;
return inet_pton (AF_INET6, str, &(sa6.sin6_addr)) == 1;
}
static int
open_SSL_connection (openvas_connection * fp, const char *cert,
const char *key, const char *passwd, const char *cafile,
......@@ -613,7 +625,7 @@ open_SSL_connection (openvas_connection * fp, const char *cert,
if (set_gnutls_protocol (fp->tls_session, fp->transport, fp->priority) < 0)
return -1;
if (hostname)
if (hostname && !is_ip_address (hostname))
gnutls_server_name_set (fp->tls_session, GNUTLS_NAME_DNS, hostname,
strlen (hostname));
......@@ -664,7 +676,8 @@ open_SSL_connection (openvas_connection * fp, const char *cert,
if (err == 0)
return 1;
if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN)
if (err != GNUTLS_E_INTERRUPTED && err != GNUTLS_E_AGAIN
&& err != GNUTLS_E_WARNING_ALERT_RECEIVED)
{
#ifdef DEBUG_SSL
tlserror ("gnutls_handshake", err);
......@@ -762,8 +775,11 @@ set_ids_evasion_mode (struct arglist *args, openvas_connection * fp)
int
socket_negotiate_ssl (int fd, openvas_encaps_t transport, struct arglist *args)
{
char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL, *hostname;
char *cert = NULL, *key = NULL, *passwd = NULL, *cafile = NULL;
char *hostname = NULL;
openvas_connection *fp;
kb_t kb;
char buf[1024];
if (!fd_is_stream (fd))
{
......@@ -771,11 +787,14 @@ socket_negotiate_ssl (int fd, openvas_encaps_t transport, struct arglist *args)
return -1;
}
fp = OVAS_CONNECTION_FROM_FD(fd);
cert = kb_item_get_str (plug_get_kb (args), "SSL/cert");
key = kb_item_get_str (plug_get_kb (args), "SSL/key");
passwd = kb_item_get_str (plug_get_kb (args), "SSL/password");
cafile = kb_item_get_str (plug_get_kb (args), "SSL/CA");
hostname = plug_get_host_fqdn (args);
kb = plug_get_kb (args);
cert = kb_item_get_str (kb, "SSL/cert");
key = kb_item_get_str (kb, "SSL/key");
passwd = kb_item_get_str (kb, "SSL/password");
cafile = kb_item_get_str (kb, "SSL/CA");
snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
if (kb_item_get_int (kb, buf) <= 0)
hostname = plug_get_host_fqdn (args);
fp->transport = transport;
fp->priority = NULL;
......@@ -1054,9 +1073,11 @@ open_stream_connection_ext (struct arglist *args, unsigned int port,
if (fp->fd < 0)
goto failed;
kb_t kb = plug_get_kb (args);
switch (transport)
{
int ret;
char buf[1024];
case OPENVAS_ENCAPS_IP:
break;
case OPENVAS_ENCAPS_SSLv23:
......@@ -1066,17 +1087,19 @@ open_stream_connection_ext (struct arglist *args, unsigned int port,
case OPENVAS_ENCAPS_TLSv12:
case OPENVAS_ENCAPS_TLScustom:
renice_myself ();
cert = kb_item_get_str (plug_get_kb (args), "SSL/cert");
key = kb_item_get_str (plug_get_kb (args), "SSL/key");
passwd = kb_item_get_str (plug_get_kb (args), "SSL/password");
cert = kb_item_get_str (kb, "SSL/cert");
key = kb_item_get_str (kb, "SSL/key");
passwd = kb_item_get_str (kb, "SSL/password");
cafile = kb_item_get_str (plug_get_kb (args), "SSL/CA");
cafile = kb_item_get_str (kb, "SSL/CA");
/* fall through */
case OPENVAS_ENCAPS_SSLv2:
/* We do not need a client certificate in this case */
hostname = plug_get_host_fqdn (args);
snprintf (buf, sizeof (buf), "Host/SNI/%d/force_disable", fp->port);
if (kb_item_get_int (kb, buf) <= 0)
hostname = plug_get_host_fqdn (args);
ret = open_SSL_connection (fp, cert, key, passwd, cafile, hostname);
g_free (cert);
g_free (key);
......
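Review bot: In the open_SSL_connection handshake loop, adding `err != GNUTLS_E_WARNING_ALERT_RECEIVED` to the retry condition makes the loop swallow every warning alert silently, while the ChangeLog entry motivating it only names the unrecognized-name case; since nothing records which alert arrived, a peer repeatedly sending warnings is indistinguishable from a normal retry in the logs. A minimal improvement is to log the alert before continuing, e.g. `else if (err == GNUTLS_E_WARNING_ALERT_RECEIVED)` followed by a log line built from `gnutls_alert_get_name (gnutls_alert_get (fp->tls_session))`, so operators can see which warnings are being tolerated. In is_ip_address, the two full `sockaddr_in`/`sockaddr_in6` structs serve only as scratch for inet_pton; `struct in_addr` and `struct in6_addr` would express that more directly. The `Host/SNI/%d/force_disable` lookup is duplicated verbatim in socket_negotiate_ssl and open_stream_connection_ext and would sit better in one static helper; both enclosing functions extend beyond the hunks.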
......@@ -138,8 +138,8 @@ prefs_set (const gchar * key, const gchar * value)
if (arg_get_value (global_prefs, key))
{
gchar *old = arg_get_value (global_prefs, key);
g_free (old);
arg_set_value (global_prefs, key, g_strdup (value));
g_free (old);
return;
}
......
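Review bot: The reordering in prefs_set is correct but silent: `g_strdup (value)` must run before `g_free (old)` because a caller may pass the currently stored string as `value`, and nothing prevents a later cleanup from swapping the two lines back. Add `/* Copy value before freeing old: value may alias the stored string. */` above the `arg_set_value` call. The explicit g_free assumes arg_set_value does not release the previous value itself, which is consistent with the original code but not visible in this hunk.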
......@@ -27,6 +27,7 @@
#include <unistd.h> /* for geteuid */
#include <libssh/libssh.h> /* for ssh_version */
#include <gnutls/gnutls.h> /* for gnutls_check_version */
#include <sys/wait.h>
#include "../misc/network.h"
......@@ -323,6 +324,8 @@ main (int argc, char **argv)
g_free (fqdn);
while (nasl_filenames[n])
{
pid_t pid;
if (both_modes || with_safe_checks)
{
nvti_t *nvti = parse_script_infos (nasl_filenames[n],
......@@ -359,9 +362,27 @@ main (int argc, char **argv)
g_strfreev (splits);
}
}
if (exec_nasl_script (script_infos, nasl_filenames[n],
arg_get_value (script_infos, "OID"), mode) < 0)
err++;
if ((pid = fork ()) == 0)
{
if (exec_nasl_script (script_infos, nasl_filenames[n],
arg_get_value (script_infos, "OID"), mode) < 0)
exit (1);
else
exit (0);
}
else if (pid < 0)
{
fprintf (stderr, "fork(): %s\n", strerror (errno));
exit (1);
}
else
{
int status;
waitpid (pid, &status, 0);
if (status)
err++;
}
n++;
}
kb_delete (kb);
......
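Review bot: In the parent branch of the new fork block, `waitpid (pid, &status, 0)` ignores its return value and `status` is uninitialized, so an interrupted or failed wait (-1, errno EINTR) leaves `if (status)` reading an indeterminate value. Initialize and check it: `int status = 0;` then `if (waitpid (pid, &status, 0) < 0 || status) err++;`. The child exits through `exit (1)`/`exit (0)`, which flushes stdio buffers inherited from the parent, so any output the parent has buffered before the fork can be written twice; a `fflush (NULL);` immediately before `fork ()` avoids that. main begins and ends outside these hunks.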
......@@ -291,7 +291,7 @@ get_packet (struct list * l, unsigned short dport)
/**
* @brief If no packet with dport is in list, prepends a "packet" to the
* @brief If no packet with \ref dport is in list, prepends a "packet" to the
* @brief list \ref l.
*/
struct list*
......
......@@ -466,9 +466,8 @@ build_hostname_list (ksba_cert_t cert)
value = parse_dn_for_CN (name);
ksba_free (name);
/* Add the CN to the array but only if it looks like a hostname. We
assume a hostname if at least one dot is in the name. */
if (value && strchr (value, '.'))
/* Add the CN to the array even if it doesn't look like a hostname. */
if (value)
{
memset (&v, 0, sizeof v);
v.var_type = VAR2_DATA;
......
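Review bot: Dropping the dot check in build_hostname_list means every CN string taken from the certificate, including values that are not hostnames at all, now lands in the list, and the replacement comment states that fact without the reason. Suggest `/* Keep CNs without a dot too: single-label intranet hostnames are legitimate (CHANGES 9.0.1). */` in place of the current comment. Any consumer of this list that relied on each entry containing a dot is outside the hunk and should be checked; the function continues beyond what is shown.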
......@@ -546,13 +546,13 @@ nasl_ntlm2_response (lex_ctxt * lexic)
{
char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey");
char *password = get_str_var_by_name (lexic, "password");
unsigned char *nt_hash =
(unsigned char *) get_str_var_by_name (lexic, "nt_hash");
void *nt_hash = get_str_var_by_name (lexic, "nt_hash");
int hash_len = get_var_size_by_name (lexic, "nt_hash");
if (cryptkey == NULL || password == NULL)
if (!cryptkey || !password || !nt_hash || hash_len < 16)
{
nasl_perror (lexic,
"Syntax : ntlm2_response(cryptkey:<c>, password:<p>, nt_hash:<n>)\n");
nasl_perror
(lexic, "Syntax : ntlm2_response(cryptkey:<c>, password:<p>, nt_hash:<n[16]>)\n");
return NULL;
}
......@@ -581,14 +581,14 @@ nasl_ntlm_response (lex_ctxt * lexic)
{
char *cryptkey = (char *) get_str_var_by_name (lexic, "cryptkey");
char *password = get_str_var_by_name (lexic, "password");
unsigned char *nt_hash =
(unsigned char *) get_str_var_by_name (lexic, "nt_hash");
void *nt_hash = get_str_var_by_name (lexic, "nt_hash");
int hash_len = get_var_size_by_name (lexic, "nt_hash");
int neg_flags = get_int_var_by_name (lexic, "neg_flags", -1);
if (cryptkey == NULL || password == NULL || nt_hash == NULL || neg_flags < 0)
if (!cryptkey || !password || !nt_hash || hash_len < 16 || neg_flags < 0)
{
nasl_perror (lexic,
"Syntax : ntlm_response(cryptkey:<c>, password:<p>, nt_hash:<n>, neg_flags:<nf>)\n");
"Syntax : ntlm_response(cryptkey:<c>, password:<p>, nt_hash:<n[16]>, neg_flags:<nf>)\n");
return NULL;
}
......@@ -692,7 +692,7 @@ nasl_nt_owf_gen (lex_ctxt * lexic)
if (pass_len < 0 || pass == NULL)
{
nasl_perror (lexic, "Syntax : nt_owf_gen(cryptkey:<c>, password:<p>)\n");
nasl_perror (lexic, "Syntax : nt_owf_gen(password:<p>)\n");
return NULL;
}
......@@ -731,7 +731,7 @@ nasl_lm_owf_gen (lex_ctxt * lexic)
if (pass_len < 0 || pass == NULL)
{
nasl_perror (lexic, "Syntax : nt_lm_gen(cryptkey:<c>, password:<p>)\n");
nasl_perror (lexic, "Syntax : nt_lm_gen(password:<p>)\n");
return NULL;
}
......
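Review bot: The new `hash_len < 16` guards in nasl_ntlm2_response and nasl_ntlm_response repeat a bare magic number that the error strings also spell out as `<n[16]>`; naming it once, e.g. `enum { NT_HASH_LEN = 16 };` (suggested name) near the top of the file and writing `hash_len < NT_HASH_LEN`, keeps the checks and the messages in step. The corrected message in nasl_lm_owf_gen still calls the function `nt_lm_gen`; if the NASL-visible builtin is `lm_owf_gen`, as the C function name suggests, the message should use that name — the binding is not visible on this page. Both ntlm functions continue past the hunk where the 16-byte hash is consumed.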
......@@ -933,7 +933,7 @@ nasl_close_socket (lex_ctxt * lexic)
*/
if (soc <= 4)
{
nasl_perror (lexic, "close(): invalid argument\n");
nasl_perror (lexic, "close(%d): Invalid socket value\n", soc);
return NULL;
}
......@@ -952,7 +952,7 @@ nasl_close_socket (lex_ctxt * lexic)
return FAKE_CELL;
}
else
nasl_perror (lexic, "close(): invalid argument\n");
nasl_perror (lexic, "close(%d): %s\n", soc, strerror (errno));
return NULL;
}
......
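Review bot: The new `strerror (errno)` in nasl_close_socket's second hunk is only meaningful if errno still holds the value set by the failing close(); that call is outside the hunk, so if any library call sits between it and this nasl_perror, save errno into a local immediately after the close and print that instead. The `soc <= 4` guard in the first hunk keeps an unexplained constant; if the comment block ending just above it does not already give the reason descriptors 0–4 are refused, a short note there would help.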
......@@ -581,6 +581,7 @@ try_read_entity_and_string (gnutls_session_t * session, int timeout,
*string_return = string;
if (timeout > 0)
fcntl (socket, F_SETFL, 0L);
g_slist_free (context_data.first);
g_markup_parse_context_free (xml_context);
return 0;
}
......
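Review bot: The added `g_slist_free (context_data.first)` releases the list on the success path only; try_read_entity_and_string's earlier return paths are outside this hunk and should be checked for the same release, since they work with the same context_data. Whether the list's elements are owned by the list (which would call for `g_slist_free_full` with the matching destructor) or referenced from elsewhere is not decidable from these lines, so it is worth confirming before closing the leak report.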