The latest version of openvas has changed the logic used to
validate the "port_range" passed in.  One of the values
advertised that can be used is the string "default", and if
you look at older daemons, they specifically support that
via the "getpts" call.

Now, however, while "default" is still advertised as the
default value of "port_range" (see preferences.c:83), if
you actually try to use that default string, the daemon bails
with error

SERVER <|> ERROR <|> E001 - Invalid port range <|> SERVER

The offending code change appears to be in "attack.c".

The new code looks like this:

  /* Init and check Port Range. */
  port_range = arg_get_value (preferences, "port_range");
  if (port_range == NULL || port_range[0] == '\0')
    port_range = "1-15000";

  if (strcmp (port_range, "-1") != 0)
    {
      port_range = arg_get_value (preferences, "port_range");
      if (validate_port_range (port_range))
        {
          auth_printf (globals,
"SERVER <|> ERROR <|> E001 - Invalid port range <|> SERVER\n");
          return 0;
        }
    }


The old code was:

  /* Init and check Port Range. */
  port_range = arg_get_value (preferences, "port_range");
  if (port_range == NULL || port_range[0] == '\0')
    port_range = "1-15000";

  if (strcmp (port_range, "-1") != 0)
    {
      unsigned short *ports;
      ports = (unsigned short *) getpts (port_range, NULL);
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      # Support for default imbedded within getpts above
      if (ports == NULL)
        {
          auth_printf (globals,
"SERVER <|> ERROR <|> E001 - Invalid port range <|> SERVER\n");
          return -1;
        }
    }

Re impact:

FYI - I am seeing downstream impact, as amap.nasl and nmap.nasl
have explicit checks for the value "default" to control certain
behaviours.  That might be a non-trivial impact in terms of
expected behaviour/performance of nmap itself...

The specific use case for us is that we use the 'default' value
of nmap to control nmap's scan to scan any port below 1024 and
all known service ports that nmap has, and to then feed that
back into openvas.  It looks to me based on observations (haven't
run the actual tests yet), that this capability would now be
broken, as there would be no way of telling nmap to leverage this
default behaviour set.

I am guessing based on a cursory reading of the code that backwards
compatibility could be re-instated by modifying the check for
a string of "-1" failure to be a check for failure of both
"-1" and "default"...

I.e. change in attack.c

  if (strcmp (port_range, "-1") != 0)

to

  if (strcmp (port_range, "-1") != 0 && strcmp (port_range, "default") != 0)


Anyone see any issues with what's been suggested?

Thomas
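
A worked version of the proposed check, added here as an illustration and not code from openvas itself. `validate_port_range_example` is a hypothetical stand-in for the real `validate_port_range` (it accepts comma-separated ports and N-M ranges in 1..65535 and returns non-zero on error, matching how attack.c uses the result); `check_port_range` mirrors the attack.c logic with the "-1"/"default" bypass applied, so "default" passes only because of that special case.

```c
#include <stdlib.h>
#include <string.h>

/* Parse one "N" or "N-M" item of at most 15 chars; 1 = valid port spec. */
static int valid_port_item(const char *item, size_t len)
{
    char buf[16], *dash, *end;
    long lo, hi;
    if (len == 0 || len >= sizeof buf)
        return 0;
    memcpy(buf, item, len);
    buf[len] = '\0';
    dash = strchr(buf, '-');
    if (dash)
        *dash = '\0';
    lo = strtol(buf, &end, 10);
    if (end == buf || *end != '\0' || lo < 1 || lo > 65535)
        return 0;
    if (!dash)
        return 1;
    hi = strtol(dash + 1, &end, 10);
    return end != dash + 1 && *end == '\0' && hi >= lo && hi <= 65535;
}

/* Hypothetical stand-in for validate_port_range(): 0 = OK, non-zero = invalid.
 * Accepts a comma-separated list of ports and ranges, e.g. "1-1024,8080". */
int validate_port_range_example(const char *port_range)
{
    const char *p = port_range;
    for (;;) {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);
        if (!valid_port_item(p, len))
            return 1;
        if (!comma)
            return 0;
        p = comma + 1;
    }
}

/* Mirrors the attack.c check with the proposed change applied: NULL/empty
 * falls back to "1-15000"; "-1" and "default" bypass validation entirely. */
int check_port_range(const char *port_range)
{
    if (port_range == NULL || port_range[0] == '\0')
        port_range = "1-15000";
    if (strcmp(port_range, "-1") != 0 && strcmp(port_range, "default") != 0)
        return validate_port_range_example(port_range);
    return 0;
}
```

Without the extra `strcmp` against "default", the string falls through to the validator and is rejected exactly as the E001 error above shows.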

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss