Commit

Merge branch 'openvas-20.08' into merge-master
jjnicola committed Jan 4, 2021
2 parents 486071e + efa3577 commit 3ea0f54
Showing 13 changed files with 194 additions and 106 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -36,18 +36,23 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Add dump_icmp_packet() and dump_icmp_v6_packet() nasl functions. [#609](https://github.com/greenbone/openvas/pull/609)
- Send message to the client with hosts count. [#606](https://github.com/greenbone/openvas/pull/606)
- Use nasl_perror on invalid input and add more documentation. [#608](https://github.com/greenbone/openvas/pull/608)
- Add timeout argument to ssh_connect() nasl function to set the connection timeout. [631](https://github.com/greenbone/openvas/pull/631)

### Changed
- Downgrade wmi queries log level for common errors.
[#602](https://github.com/greenbone/openvas/pull/602)
[#607](https://github.com/greenbone/openvas/pull/607)
- Rename some nasl functions and func parameters for consistency and fix byte order issue in get_ipv6_element. [#613](https://github.com/greenbone/openvas/pull/613)
- Change log level from debug to message to show max_host and max_scan during scan start. [#626](https://github.com/greenbone/openvas/pull/626)

### Fixed
- Fork vhosts before creating the socket.[#576](https://github.com/greenbone/openvas/pull/576)
- Check if another forked child has already added the same vhost. [#581](https://github.com/greenbone/openvas/pull/581)
- Send duplicated hosts as dead hosts to ospd, to adjust scan progress calculation. [#586](https://github.com/greenbone/openvas/pull/586)
- Only send the signal if the pid is a positive value. [#593](https://github.com/greenbone/openvas/pull/593)
- When routes with same mask are found the route with the better metric is chosen. [#593](https://github.com/greenbone/openvas/pull/593)
- Fix malformed target. [#625](https://github.com/greenbone/openvas/pull/625)
- Fix snmp result. Only return the value and do not stop at the first \n. [#627](https://github.com/greenbone/openvas/pull/627)

[20.08]: https://github.com/greenbone/openvas/compare/v20.8.0...openvas-20.08
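
Review bot: The new "Add timeout argument to ssh_connect()" entry in the Added list links the pull request as `[631]`, while every other entry in this file uses the `[#NNN]` form. Change the link text to `[#631]` so the entries stay uniform. The SIGUSR2 to SIGUSR1 change made to `doc/openvas.8.in` in this same commit has no changelog line; if it reflects a behaviour change in how a scan is stopped, it belongs under Changed.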

Expand Down
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -32,9 +32,9 @@ For detailed installation requirements and instructions, please see the file
`openvas` and for making the scanner available to other GVM modules.

If you are not familiar or comfortable building from source code, we recommend
that you use the Greenbone Community Edition, a prepared virtual machine with a
readily available setup. Information regarding the virtual machine is available
at <https://www.greenbone.net/en/community-edition/>.
that you use the Greenbone Security Manager TRIAL (GSM TRIAL), a prepared virtual
machine with a readily available setup. Information regarding the virtual machine
is available at <https://www.greenbone.net/en/testnow>.

## Support

Expand Down
2 changes: 1 addition & 1 deletion doc/openvas.8.in
Expand Up @@ -42,7 +42,7 @@ ID for a single scan task. The scanner will start the scan with the data already

.TP
.BI "--scan-stop=" <scan-uuid>
ID for a single scan task. The scanner will search the redis kb associated to the given scan_id. It takes the pid from the kb and sends the SIGUSR2 kill signal to stop the scan.
ID for a single scan task. The scanner will search the redis kb associated to the given scan_id. It takes the pid from the kb and sends the SIGUSR1 kill signal to stop the scan.

.TP
.B "-u, --update-vt-info"
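
Review bot: The `--scan-stop` description now names SIGUSR1 but still calls it a "kill signal", which reads as if the scan process were killed outright rather than asked to stop. Suggest wording such as "sends the SIGUSR1 signal to that pid to stop the scan". Only the man page is touched in this hunk, so confirm the signal actually sent by the stop path matches the one documented here.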
Expand Down
33 changes: 22 additions & 11 deletions nasl/nasl_crypto2.c
Expand Up @@ -607,7 +607,7 @@ nasl_dh_generate_key (lex_ctxt *lexic)
/**
* nasl function
*
* DH_compute_key(p:mpi_p, g:mpi_g, dh_server_pub:mpi_server_pub,
* dh_compute_key(p:mpi_p, g:mpi_g, dh_server_pub:mpi_server_pub,
* pub_key:mpi_client_pub, priv_key:mpi_client_priv)
*
* Computes the Diffie-Hellman shared secret key from the shared
Expand Down Expand Up @@ -761,7 +761,7 @@ strip_pkcs1_padding (tree_cell *retc)
/**
* nasl function
*
* rsa_public_encrypt(data:data, e:mpi_e, n:mpi_n, padd:<TRUE:FALSE>)
* rsa_public_encrypt(data:data, e:mpi_e, n:mpi_n, pad:<TRUE:FALSE>)
*
* Encrypt the provided data with the public RSA key given by its parameters e
* and n. The return value is the encrypted data.
Expand Down Expand Up @@ -853,7 +853,7 @@ nasl_rsa_public_encrypt (lex_ctxt *lexic)
/**
* nasl function
*
* rsa_private_decrypt(data:data, d:mpi_d, e:mpi_e, n:mpi_n, padd:<TRUE:FALSE>)
* rsa_private_decrypt(data:data, d:mpi_d, e:mpi_e, n:mpi_n, pad:<TRUE:FALSE>)
*
* Decrypt the provided data with the private RSA key given by its parameters
* d, e and n. The return value is the decrypted data in plaintext format.
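
Review bot: The doc comment for rsa_private_decrypt (and rsa_public_encrypt in the hunk above) now names the parameter `pad` instead of `padd`, but only comment lines are visible in these hunks. Confirm that the function body reads the named argument `pad`, and state whether scripts still passing `padd` are accepted, the way nasl_init.c keeps the old `*_ipv6_*` function names as aliases. The `<TRUE:FALSE>` notation would also be clearer as `<TRUE|FALSE>`, with the default stated.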
Expand Down Expand Up @@ -1527,10 +1527,13 @@ nasl_bf_cbc_decrypt (lex_ctxt *lexic)
* stream encryption.
* @param[in] cipher The cipher algorithm.
* @param[in] mode The cipher mode. Must be compatible with the algorithm.
* @param[in] caller_func Name of the caller function to be logged in case
* of error.
* @return Returns the ID of the cipher handler on success. Otherwise NULL.
*/
static tree_cell *
nasl_open_stream_cipher (lex_ctxt *lexic, int cipher, int mode)
nasl_open_stream_cipher (lex_ctxt *lexic, int cipher, int mode,
const char *caller_func)
{
gcry_cipher_hd_t hd;
gcry_error_t error;
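
Review bot: The new `@param[in] caller_func` text says "Name of the caller function" without saying which name is meant or that it must not be NULL. The callers in this commit pass the NASL-level name ("open_rc4_cipher"), not the C symbol, and the value is formatted with `%s` in the nasl_perror call, so a NULL argument would be passed straight to the formatter. Document it as the NASL function name, non-NULL, or substitute a fallback string before logging.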
Expand All @@ -1547,7 +1550,10 @@ nasl_open_stream_cipher (lex_ctxt *lexic, int cipher, int mode)

if (!key || keylen <= 0)
{
nasl_perror (lexic, "Syntax: encrypt_data: Missing data or key argument");
nasl_perror (lexic,
"Syntax: open_stream_cipher (called from "
"%s): Missing key argument",
caller_func);
return NULL;
}

Expand Down Expand Up @@ -1599,10 +1605,12 @@ nasl_open_stream_cipher (lex_ctxt *lexic, int cipher, int mode)
* @param[in] cipher The cipher algorithm. It must be the same used for the
* handler. It is used to prepare the data. Only GCRY_CIPHER_ARCFOUR is
* currently supported.
* @param[in] caller_func Name of the caller function to be logged in case
* of error.
* @return Returns the encrypted data on success. Otherwise NULL.
*/
static tree_cell *
encrypt_stream_data (lex_ctxt *lexic, int cipher)
encrypt_stream_data (lex_ctxt *lexic, int cipher, const char *caller_func)
{
gcry_cipher_hd_t hd;
gcry_error_t error;
Expand All @@ -1617,7 +1625,10 @@ encrypt_stream_data (lex_ctxt *lexic, int cipher)

if (!data || datalen <= 0)
{
nasl_perror (lexic, "Syntax: encrypt_data: Missing data or key argument");
nasl_perror (lexic,
"Syntax: encrypt_stream_data (called from "
"%s): Missing data argument",
caller_func);
return NULL;
}

Expand Down Expand Up @@ -1785,10 +1796,10 @@ encrypt_data (lex_ctxt *lexic, int cipher, int mode)
* @brief Nasl function to encrypt data with a RC4 cipher. If an hd param
* exist in the lexix context, it will use this handler to encrypt the data
* as part of a stream data.
* e.g.: rc4_encypt(data: data, hd: hd)
* e.g.: rc4_encrypt(data: data, hd: hd)
*
* Otherwise encrypts the data as block and the key is mandatory:
* e.g.: rc4_encypt(data: data, key: key)
* e.g.: rc4_encrypt(data: data, key: key)
*
* @return Returns the encrypted data on success. Otherwise NULL.
*/
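
Review bot: The `rc4_encypt` to `rc4_encrypt` correction leaves two errors in the same comment block: "lexix context" should be "lexic context" and "If an hd param exist" should be "exists". Since this hunk already edits the block, fix them here. The second sentence also describes the keyed call as encrypting "as block", although the call in the next hunk passes GCRY_CIPHER_MODE_STREAM; "as a single one-shot operation" would describe it more accurately.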
Expand All @@ -1804,7 +1815,7 @@ nasl_rc4_encrypt (lex_ctxt *lexic)
hd = verify_cipher_id (lexic, cipher_id);
if (hd == NULL)
return NULL;
return encrypt_stream_data (lexic, GCRY_CIPHER_ARCFOUR);
return encrypt_stream_data (lexic, GCRY_CIPHER_ARCFOUR, "rc4_encrypt");
}

return encrypt_data (lexic, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM);
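
Review bot: In nasl_rc4_encrypt only the handle path gets the caller name; the fallback `encrypt_data (lexic, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM)` keeps the three-argument signature shown in the previous hunk header, so an error raised there cannot identify rc4_encrypt as the entry point. Consider giving encrypt_data the same `caller_func` parameter so that both paths report errors consistently.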
Expand All @@ -1822,7 +1833,7 @@ tree_cell *
nasl_open_rc4_cipher (lex_ctxt *lexic)
{
return nasl_open_stream_cipher (lexic, GCRY_CIPHER_ARCFOUR,
GCRY_CIPHER_MODE_STREAM);
GCRY_CIPHER_MODE_STREAM, "open_rc4_cipher");
}

tree_cell *
Expand Down
20 changes: 15 additions & 5 deletions nasl/nasl_init.c
Expand Up @@ -194,16 +194,26 @@ static init_func libfuncs[] = {
{"sleep", nasl_sleep},
{"isnull", nasl_isnull},
{"defined_func", nasl_defined_func},

/* Following 5 entries needed for backwards compatibility.
* TODO: Once versions older than 20.08 are no longer in use these 5 entries
* can be deleted. */
{"forge_ipv6_packet", forge_ip_v6_packet},
{"get_ipv6_element", get_ip_v6_element},
{"set_ipv6_elements", set_ip_v6_elements},
{"insert_ipv6_options", insert_ip_v6_options},
{"dump_ipv6_packet", dump_ip_v6_packet},

{"forge_ip_packet", forge_ip_packet},
{"forge_ipv6_packet", forge_ipv6_packet},
{"forge_ip_v6_packet", forge_ip_v6_packet},
{"get_ip_element", get_ip_element},
{"get_ipv6_element", get_ipv6_element},
{"get_ip_v6_element", get_ip_v6_element},
{"set_ip_elements", set_ip_elements},
{"set_ipv6_elements", set_ipv6_elements},
{"set_ip_v6_elements", set_ip_v6_elements},
{"insert_ip_options", insert_ip_options},
{"insert_ipv6_options", insert_ipv6_options},
{"insert_ip_v6_options", insert_ip_v6_options},
{"dump_ip_packet", dump_ip_packet},
{"dump_ipv6_packet", dump_ipv6_packet},
{"dump_ip_v6_packet", dump_ip_v6_packet},
{"forge_tcp_packet", forge_tcp_packet},
{"forge_tcp_v6_packet", forge_tcp_v6_packet},
{"get_tcp_element", get_tcp_element},
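
Review bot: The five backwards-compatibility entries map the old `*_ipv6_*` names to the renamed `*_ip_v6_*` implementations without any notice to the script author, and the TODO gives no tracking reference or concrete removal criterion ("versions older than 20.08 are no longer in use" cannot be checked from the code). The CHANGELOG entry for #613 also mentions a byte order fix in get_ipv6_element, so scripts calling the old name now get the corrected behaviour; say so in the comment. Consider logging a deprecation message when an alias is called and linking the TODO to an issue.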
Expand Down
11 changes: 6 additions & 5 deletions nasl/nasl_packet_forgery.c
Expand Up @@ -1447,7 +1447,7 @@ struct pseudo_udp_hdr
order if necessary. 0 by default.
* @param[in] uh_sport Source port. NASL will convert it into network order
if necessary. 0 by default.
* @param[in] uh_sum UDP checksum. Although it is not compulsary, the
* @param[in] uh_sum UDP checksum. Although it is not compulsory, the
right value is computed by default.
* @param[in] uh_ulen Data length. By default it is set to the length of
the data argument plus the size of the UDP header.
Expand Down Expand Up @@ -1777,8 +1777,9 @@ dump_udp_packet (lex_ctxt *lexic)
* @param[in] icmp_code ICMP code. 0 by default.
* @param[in] icmp_id ICMP ID. 0 by default.
* @param[in] icmp_seq ICMP sequence number.
* @param[in] icmp_type ICMP type. 0 * @param[in] update_ip_len Flag (TRUE
* by default). If set, NASL will recompute the size field of the IP datagram.
* @param[in] icmp_type ICMP type. 0 by default.
* @param[in] update_ip_len Flag (TRUE by default). If set, NASL will recompute
* the size field of the IP datagram.
*
* @return Modified IP datagram.
*/
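
Review bot: Splitting the fused `icmp_type` / `update_ip_len` lines is correct, but `icmp_seq` directly above is now the only field in this list without a stated default ("ICMP sequence number."). Add its default so that the parameter list is complete, matching `icmp_id` and `icmp_code`.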
Expand Down Expand Up @@ -2048,7 +2049,7 @@ forge_igmp_packet (lex_ctxt *lexic)
* @param[in] port Port to ping. Internal list of common ports is used as
* default.
*
* @return 1 if Ping was successul, 0 else.
* @return 1 if Ping was successful, 0 else.
*/
tree_cell *
nasl_tcp_ping (lex_ctxt *lexic)
Expand Down Expand Up @@ -2199,7 +2200,7 @@ nasl_tcp_ping (lex_ctxt *lexic)
* @param[in] pcap_active TRUE by default. Otherwise, NASL does not listen
* for the answers.
* @param[in] pcap_filter BPF filter.
* @param[in] pcap_timeout Capture timout. 5 by default.
* @param[in] pcap_timeout Capture timeout. 5 by default.
* @param[in] allow_broadcast Default 0.
*
* @return block made of all the sniffed “answers”.
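
Review bot: The corrected line "Capture timeout. 5 by default." still gives no unit for `pcap_timeout`; state it explicitly, since script authors will set this value. `allow_broadcast` ("Default 0.") would likewise benefit from a short description of what enabling it does, and the typographic quotes around "answers" in the @return line should be plain ASCII in a source comment.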
Expand Down
