Hmmm...other than a warning I was getting that might have
undefined results, I'm getting recomp() doing the right thing.
Can you try the following script and see if it spits
back -1 in revcomp?
$ cat x.nasl
#!/usr/local/bin/nasl
include("revisions-lib.inc");
old = "1.2.8-0ubuntu8";
new = "1.2.8-0ubuntu8.3";
display(string(revcomp(a:old, b:new)));
$
$ ./x.nasl
** WARNING : packet forgery will not work
** as NASL is not running as root
-1$
In the meantime, I've checked in an update which fixes
a past-end-of array index access, but it shouldn't change
the behaviour of revcomp().
If you're calling isdpkgvuln, remember it will return
0 if the release detected doesn't match the one you
are testing, or if the package list wasn't retrieved.
I suspect one of those problems is occurring.
Thomas
Carsten Koch-Mauthe wrote:
> Hi,
>
> i've tried to check Version on some Ubuntu packages. But found a problem
> which
> i need some input for.
> Ubuntu sometimes uses a Version scheme like this
> Old Version : 1.2.8-0ubuntu8
> New Version: 1.2.8-0ubuntu8.3
>
> Checking this with isdpkgvuln will give the equal result. Same with my
> version_is_less function.
> Problem is that the Old Version is shorter then the new version and revcomp
> function will only check to max length of old version.
> version_is_less cannot handle this characters correct. I will try to fix the
> version_func for a scheme like this. But Ubuntu is using pkg which normally
> can easiliy be checked with isdpkgvuln. Which i prefer to use for this
> checks.
> Any hints how this can be solved cleanly ?
>
_______________________________________________
Openvas-devel mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel