Hmmm...other than a warning I was getting that might have
undefined results, I'm getting recomp() doing the right thing.

Can you try the following script and see if it spits
back -1 in revcomp?

$ cat x.nasl
#!/usr/local/bin/nasl

include("revisions-lib.inc");

old = "1.2.8-0ubuntu8";
new = "1.2.8-0ubuntu8.3";

display(string(revcomp(a:old, b:new)));
$
$ ./x.nasl
** WARNING : packet forgery will not work
** as NASL is not running as root
-1$

In the meantime, I've checked in an update which fixes
a past-end-of array index access, but it shouldn't change
the behaviour of revcomp().

If you're calling isdpkgvuln, remember it will return
0 if the release detected doesn't match the one you
are testing, or if the package list wasn't retrieved.
I suspect one of those problems is occurring.

Thomas

Carsten Koch-Mauthe wrote:
> Hi,
> 
> i've tried to check Version on some Ubuntu packages. But found a problem 
> which 
> i need some input for.
> Ubuntu sometimes uses a Version scheme like this 
> Old Version : 1.2.8-0ubuntu8
> New Version: 1.2.8-0ubuntu8.3
> 
> Checking this with isdpkgvuln will give the equal result. Same with my 
> version_is_less function. 
> Problem is that the Old Version is shorter then the new version and revcomp 
> function will only check to max length of old version.  
> version_is_less cannot handle this characters correct. I will try to fix the 
> version_func for a scheme like this. But Ubuntu is using pkg which normally 
> can easiliy be checked with isdpkgvuln. Which i prefer to use for this 
> checks.
> Any hints how this can be solved cleanly ?
> 

_______________________________________________
Openvas-devel mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel

Reply via email to