Hello Jose,
I have exactly the same issue you've described (found your post while
googling for my problem).
Your report was really helpful; using it, I was quickly able to
localize the problem: basically, it seems that va_start should be
called not once, but before each invocation of vsnprintf, to reset
''param'' to the appropriate value. I do not know why this was not
noticed before; probably the default buffer size is enough in all but
very extreme cases. In my configuration it happened only once per
nessus run that the loop was repeated - when formatting a string with
plugin numbers, it seems (about 85,000 bytes in length) - but it was
enough for a crash.
I do not have time to dig into it too much, but the following patch
has solved my crash and allowed me to execute nessus successfully on
my system. If you have not fixed the problem yourselves yet, you can
try it. I hope it will work for you also!
diff -urN nessus-core/nessus/auth.c nessus-core.patched/nessus/auth.c
--- nessus-core/nessus/auth.c 2006-09-26 20:32:12.000000000 +0300
+++ nessus-core.patched/nessus/auth.c 2007-05-06 02:05:30.000000000 +0300
@@ -92,11 +92,11 @@
char * buffer = emalloc(s);
int len, n = 0;
signal(SIGPIPE, sighand_pipe);
- va_start(param, data);
for(;;)
{
+ va_start(param, data);
r = vsnprintf(buffer, s - 1, data, param);
if(r >= 0 && r < s)break;
s = r > s ? r + 2 : s * 2;
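Review bot: each va_start must be paired with a va_end before the same va_list is started again, but the hunk adds `+ va_start(param, data);` at the top of the loop with no va_end visible after `r = vsnprintf(buffer, s - 1, data, param);`; add `va_end(param);` directly after the vsnprintf call (or va_copy the list into a scratch va_list for each attempt) so the retry path is defined by the standard rather than relying on the ABI to tolerate a restarted list. Separately, the exit test `if(r >= 0 && r < s)break;` is off by one against the limit passed to vsnprintf: with `s - 1` as the size, r == s - 1 means the output was truncated, so either test `r < s - 1` or pass `s` to vsnprintf.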
Good luck! Alexander
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
_______________________________________________
Nessus-devel mailing list
Nessus-devel@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel
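As an added example (not code from the message or from Nessus), a growing-buffer formatter that performs the retry the way the fix above intends, using va_copy so every attempt starts from a fresh argument cursor; `vformat_alloc`, `format_alloc` and `check_roundtrip` are names chosen here, and the 'x' payload is constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Grow a heap buffer until the formatted output fits. Each attempt formats
 * from a fresh va_copy of the caller's list: reusing a va_list that vsnprintf
 * has already consumed is undefined, which is the crash described above. */
char *vformat_alloc(size_t initial, const char *fmt, va_list ap)
{
    size_t s = initial ? initial : 1;
    char *buffer = malloc(s);
    if (buffer == NULL) return NULL;
    for (;;) {
        va_list attempt;
        va_copy(attempt, ap);               /* fresh cursor for this pass */
        int r = vsnprintf(buffer, s, fmt, attempt);
        va_end(attempt);                    /* every va_copy needs a va_end */
        if (r < 0) { free(buffer); return NULL; }
        if ((size_t)r < s) return buffer;   /* r excludes the NUL: it fit */
        s = (size_t)r + 1;                  /* exact size needed, NUL included */
        char *grown = realloc(buffer, s);
        if (grown == NULL) { free(buffer); return NULL; }
        buffer = grown;
    }
}

char *format_alloc(size_t initial, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    char *out = vformat_alloc(initial, fmt, ap);
    va_end(ap);
    return out;
}

/* Round trip with a constructed payload of `payload_len` 'x' bytes; a large
 * payload forces the retry path, as the ~85,000-byte plugin list did. */
int check_roundtrip(size_t initial, size_t payload_len)
{
    char *payload = malloc(payload_len + 1);
    if (payload == NULL) return 0;
    memset(payload, 'x', payload_len); payload[payload_len] = '\0';
    char *out = format_alloc(initial, "ids=%s;count=%d", payload, 7);
    int ok = out != NULL && strlen(out) == payload_len + 12 &&
             strcmp(out + 4 + payload_len, ";count=7") == 0 && strncmp(out, "ids=", 4) == 0;
    free(out);
    free(payload);
    return ok;
}
```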