I've come across a bug in nessus-core/nessus/nsr_output.c.  It appears
the 'INFO' and 'NOTE' severity tokens are mapped to the wrong labels
('Warning' and 'Note').  This causes the two severities to be switched, so
findings are misclassified when converting from nsr to other formats.

Here is the trivial diff to correct this issue:

diff -u nessus/nsr_output.c.old nessus/nsr_output.c
--- nessus/nsr_output.c.old     2002-09-10 18:01:25.000000000 -0400
+++ nessus/nsr_output.c 2003-07-29 10:46:16.000000000 -0400
@@ -140,8 +140,8 @@
     }

     while((t = strchr(data, ';')))t[0] = '\n';
-    if(!strcmp(severity, "INFO"))severity = "Security Note";
-    else if(!strcmp(severity, "NOTE"))severity = "Security Warning";
+    if(!strcmp(severity, "INFO"))severity = "Security Warning";
+    else if(!strcmp(severity, "NOTE"))severity = "Security Note";
     else if(!strcmp(severity, "REPORT"))severity ="Security Hole";
     backend_insert_report_data(be, subnet, hostname, port, script_id,
severity, data);
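Review bot: The severity chain still has no final `else`, so any token other than INFO, NOTE or REPORT is passed to `backend_insert_report_data()` unmapped. What the backend does with such a value is not visible here, but a finding with an unexpected severity could be misfiled or dropped by the later format converters. Since the swap went unnoticed because the mapping lives only in these literals, I would add a comment above the chain, `/* NSR severity tokens: REPORT = hole, INFO = warning, NOTE = note */`, and decide explicitly what an unknown token should become. The enclosing function starts and ends outside this hunk, so an earlier check on `severity` may already exist.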
