-
Notifications
You must be signed in to change notification settings - Fork 591
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
End the scanner in a better way if the host list is malformed. #625
Conversation
Send a message to the client in case of invalid target list
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be possible to include the invalid target list in the error message for the client too?
src/attack.c
Outdated
unresolved = gvm_hosts_resolve (hosts); | ||
if (hosts == NULL) | ||
{ | ||
sprintf (buf, "Invalid target list: %s.", hostlist); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Buffer is very small (only 96 bytes) and hostlist
can get very big. Use snprinf
or g_snprintf()
and a bigger buffer if its likely that hostlist will exceed 96 bytes length. You can use strlen
to get the needed lenght and check it agains the buffer size.
Do we even limit the lenght of a hoststring?
src/attack.c
Outdated
{ | ||
sprintf (buf, "Invalid target list: %s.", hostlist); | ||
connect_main_kb (&main_kb); | ||
message_to_client (main_kb, buf, NULL, NULL, "ERRMSG"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
message_to_client
has internal buffer with len 2048. Make sure that no buffer overflow can happen in this function too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
g_strdup_printf is a good solution.
What:
End the scanner in a better way if the host list is malformed and send a message to the client in case of invalid target list
Why:
If the target host list is not empty but malformed, the hosts struct is NULL. Then gvm_hosts_resolve() segfaults
How:
Start a scan with gvm-cli (gsa already checks for malformed target) wiht 192.168.0.1/32 as host target.
Checklist: