old user rules are not cleared in nessusd
Hi!

Attached is a patch which makes a backup copy of the server rules
while being connected by a client, before user rules are added.

If the client uses comm_send_rules to add new user rules, they are
appended to all existing rules, so they get duplicated with every
attack run. Even worse, they don't get cleared in the current
connection if they are removed from the client.

Renaud, may I apply this to HEAD?

Thomas

--
Email: thomas@intevation.de
http://intevation.de/~thomas/
Re: old user rules are not cleared in nessusd
* Thomas Arendsen Hein <thomas@intevation.de> [20041124 17:50]:
> Attached is a patch which makes a backup copy of the server rules
> while being connected by a client, before user rules are added.
>
> If the client uses comm_send_rules to add new user rules, they are
> appended to all existing rules, so they get duplicated with every
> attack run. Even worse, they don't get cleared in the current
> connection if they are removed from the client.

It seems there is a problem with my patch which causes a segfault in
the server thread responsible for the connection sending rules.

I'll look into this, but maybe someone else has an idea?

Thomas

--
Email: thomas@intevation.de
http://intevation.de/~thomas/
Re: old user rules are not cleared in nessusd
* Thomas Arendsen Hein <thomas@intevation.de> [20041126 10:40]:
> It seems there is a problem with my patch which causes a segfault in
> the server thread responsible for the connection sending rules.

My patch was ok, but rules_dup was broken (as documented in the
nessusd log).

Attached is a patch which fixes it. Since the patch isn't very
readable, here is the complete rules_dup function:


struct nessus_rules *
rules_dup(struct nessus_rules *source)
{
  struct nessus_rules *target = NULL;

  if(source)
  {
    /* Copy this node, then recursively duplicate the rest of the list. */
    target = memcpy(emalloc(sizeof(struct nessus_rules)),
                    source, sizeof(struct nessus_rules));
    target->next = rules_dup(source->next);
  }
  return target;
}


Renaud, do I have the permission to commit both patches?

Thomas

--
Email: thomas@intevation.de
http://intevation.de/~thomas/
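
The accumulation described in this thread, and the backup-copy approach, as an added example that is not part of the original messages or of nessusd's code. struct rule, its fields, the helper names and the sample rule strings are all hypothetical, and the copy is iterative rather than recursive like the rules_dup posted above.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct nessus_rules; the fields are assumptions. */
struct rule { char target[32]; int allow; struct rule *next; };

/* Copy the list node by node, so later appends never touch the original. */
static struct rule *rule_dup(const struct rule *src) {
    struct rule *head = NULL, **tail = &head;
    for (; src != NULL; src = src->next) {
        struct rule *n = malloc(sizeof *n);
        if (n == NULL) abort();
        memcpy(n, src, sizeof *n);
        n->next = NULL;
        *tail = n;
        tail = &n->next;
    }
    return head;
}

static void rule_append(struct rule **list, const char *target, int allow) {
    struct rule *n = calloc(1, sizeof *n);
    if (n == NULL) abort();
    strncpy(n->target, target, sizeof n->target - 1);
    n->allow = allow;
    while (*list != NULL) list = &(*list)->next;
    *list = n;
}

static size_t rule_count(const struct rule *r) {
    size_t n = 0;
    for (; r != NULL; r = r->next) n++;
    return n;
}

static void rule_free(struct rule *r) {
    while (r != NULL) { struct rule *next = r->next; free(r); r = next; }
}

/* One client run sending two constructed user rules; returns rules in effect. */
static size_t client_run(struct rule **server, int use_backup) {
    struct rule *active = use_backup ? rule_dup(*server) : *server;
    rule_append(&active, "192.0.2.0/24", 1);
    rule_append(&active, "default", 0);
    size_t n = rule_count(active);
    if (use_backup) rule_free(active);   /* user rules end with the run */
    else *server = active;               /* the bug: server list keeps them */
    return n;
}
```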