Mailing List Archive

nessus crash on x86_64
Hello Jose,

I have exactly the same issue you've described (found your post while
googling for my problem).

Your report was really helpful, as using it, I was quickly able to
localize the problem: basically, it seems that va_start should be
called not once, but before each invocation of vsnprintf, to reset
''param'' to the appropriate value - I do not know why this was not
noticed before; probably, the default buffer size is enough in all but
very extreme cases. In my configuration it happened only once per
nessus run that the loop was repeated - when formatting the string with
plugin numbers, it seems (about 85,000 bytes in length) - but it was
enough for a crash.

I do not have time to dig into it too much, but the following patch
has solved my crash and allowed me to execute nessus successfully on
my system. If you have not fixed the problem yourselves yet, you can
try it - I hope it will work for you also!

diff -urN nessus-core/nessus/auth.c nessus-core.patched/nessus/auth.c
--- nessus-core/nessus/auth.c 2006-09-26 20:32:12.000000000 +0300
+++ nessus-core.patched/nessus/auth.c 2007-05-06 02:05:30.000000000 +0300
@@ -92,11 +92,11 @@
char * buffer = emalloc(s);
int len, n = 0;
signal(SIGPIPE, sighand_pipe);
- va_start(param, data);


for(;;)
{
+ va_start(param, data);
r = vsnprintf(buffer, s - 1, data, param);
if(r >= 0 && r < s)break;
s = r > s ? r + 2 : s * 2;
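Review bot: the hunk moves va_start(param, data) into the loop but never pairs it with va_end, so on the retry path va_start is invoked again on a list that was never closed, and the list is still open when the function returns; add `va_end(param);` directly after the vsnprintf call (before the break test) so each va_start in the loop has its matching va_end. Separately, the pre-existing check `if(r >= 0 && r < s)break;` is off by one against `vsnprintf(buffer, s - 1, data, param)`: with a size of s - 1 the call stores at most s - 2 characters plus the terminator, so r == s - 1 is accepted as complete although the output was truncated; compare against s - 1, or pass s as the size since buffer is s bytes.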


Good luck! Alexander

_______________________________________________
Nessus-devel mailing list
Nessus-devel@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel
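The retry loop Alexander describes, as an added example that is not Nessus code: a grow-and-retry vsnprintf loop where each attempt works on its own va_copy of the argument list and releases it with va_end, so a list that vsnprintf has already consumed is never reused. The names grow_vformat, grow_format and check_long_format, and the 8-byte starting size, are assumptions for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Grow-and-retry formatting into a heap buffer (hypothetical helper, not
 * Nessus code). A va_list handed to vsnprintf() is indeterminate afterwards,
 * so each attempt uses a fresh va_copy and closes it with va_end.
 * Returns a malloc'ed string (caller frees) or NULL on failure. */
char *grow_vformat(size_t initial, const char *fmt, va_list ap)
{
    size_t s = initial ? initial : 16;
    char *buffer = malloc(s);
    if (buffer == NULL) return NULL;
    for (;;) {
        va_list attempt;
        va_copy(attempt, ap);               /* fresh list for this attempt */
        int r = vsnprintf(buffer, s, fmt, attempt);
        va_end(attempt);                    /* pair every va_copy with va_end */
        if (r < 0) { free(buffer); return NULL; }
        if ((size_t)r < s) return buffer;   /* r excludes the NUL, so it fit */
        s = (size_t)r + 1;                  /* exact size needed on the retry */
        char *bigger = realloc(buffer, s);
        if (bigger == NULL) { free(buffer); return NULL; }
        buffer = bigger;
    }
}
/* Variadic front end: va_start and va_end once each, in the same function. */
char *grow_format(size_t initial, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    char *out = grow_vformat(initial, fmt, ap);
    va_end(ap);
    return out;
}
/* Constructed check: a 1000-character argument through an 8-byte starting
 * buffer forces the retry path; returns 1 if the result is exact. */
int check_long_format(void)
{
    char big[1001];
    memset(big, '7', 1000); big[1000] = '\0';
    char *out = grow_format(8, "plugins: %s (%d)", big, 12345);
    if (out == NULL) return 0;
    int ok = strlen(out) == 1017 && strncmp(out, "plugins: ", 9) == 0
          && strcmp(out + 1009, " (12345)") == 0;
    free(out);
    return ok;
}
```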
Re: nessus crash on x86_64
On May 6, 2007, at 6:14 PM, Alexander Tsvyashchenko wrote:

>
> Hello Jose,
>
> I have exactly the same issue you've described (found your post
> while googling for my problem).
>
> Your report was really helpful, as using it, I was quickly able to
> localize the problem: basically, it seems that va_start should be
> called not once, but before each invocation of vsnprintf, to reset
> ''param'' to the appropriate value - I do not know why this was not
> noticed before; probably, the default buffer size is enough in all but
> very extreme cases. In my configuration it happened only once per
> nessus run that the loop was repeated - when formatting the string with
> plugin numbers, it seems (about 85,000 bytes in length) - but it was
> enough for a crash.
>
> I do not have time to dig into it too much, but the following patch
> has solved my crash and allowed me to execute nessus successfully
> on my system. If you have not fixed the problem yourselves yet, you
> can try it - I hope it will work for you also!

Looks good -- thanks. If it indeed confirms that this solves bug#1546
I'll release 2.2.10 this week.
-- Renaud