Mailing List Archive

Nessus Script ID 22033 and 22032: Contain a Bug?
Hello All,

I believe the following Nessus Script ID 22033 and 22032 contain a bug.

During QA testing, I noticed that nessusd.dump was reporting the following error:
"cell2bool: converting array to boolean does not make sense!"

I traced the error to the following code snippet.

Source snippet from 22033 version 1.1:
1. if ( v )

Line 1 should be:
if (! isnull (v))

Source snippet from 22032 version 1.1:
1. if ( v )

Line 1 should be:
if (! isnull (v))

Can someone review my finding?

Thanks,
Paul
Re: Nessus Script ID 22033 and 22032: Contain a Bug?
On Jul 12, 2006, at 4:17 AM, Paul Bellefeuille wrote:

> Hello All,
>
> I believe the following Nessus Script ID 22033 and 22032 contain a
> bug.
>
> During QA testing, I noticed that nessusd.dump was reporting the
> following error:
> "cell2bool: converting array to boolean does not make sense!"

It's a Nessus 2.x message which should be rather harmless. I've fixed
it, though.


Thanks,

-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Nessus Script ID 22033 and 22032: Contain a Bug?
On Wed Jul 12 2006 at 10:11, Renaud Deraison wrote:

>> "cell2bool: converting array to boolean does not make sense!"

> It's a Nessus 2.x message which should be rather harmless.

This is in fact a "pedantic" warning. Maybe we should remove it.

NASL knows these types:
null, integer, string, array
Boolean is an internal type.

Conversion rules are defined for "integer" and "string".
0 is FALSE, any non-zero integer is TRUE.
"" is FALSE, any non-empty string is TRUE -- but a bug in older versions
made "0" FALSE too, just like in Perl; now a warning is printed and
TRUE is returned.
Because of the automatic conversion from string to integer, it is
safer to check the value of a string either with 'int(s) != 0' or
'strlen(s) > 0', according to the wanted semantics.

As we could not design any consistent rule for TRUE/FALSE arrays, they
are always TRUE (even for empty arrays IIRC), and a warning is printed.

However, contrary to compiled languages like C, no type is
associated with a variable; only the contained value is typed. So a
non-initialized variable has the "null" special type (which knows only
one value: NULL). A function may return this in case of error, for
example, or if it cannot send back any meaningful value. NULL is
always converted to FALSE.
Some functions return an array, or NULL in case of error.

[Those who wonder what's the use of a null value should read "Computer
Data Structures" by John L. Pfaltz or any other good book on the
topic. Or try to guess why getchar() returns an int and not a char]

The lazy way to check if the error occurred is:
v = f(...); if (v) { OK... } else { ERROR... }
This triggers the warning.

if (isnull(v)) ...
is cleaner and does not complain.

Both syntaxes return the same result.
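The conversion rules described in the last message, as an added example that is not part of the thread and is not Nessus or NASL interpreter code: a small Python model that compares the lazy `if (v)` check with `!isnull(v)` for each value type. The names `cell2bool`, `isnull` and `compare_checks` here are Python stand-ins, NULL is modelled as `None`, the wording of the `"0"` warning is constructed, and the sample values are constructed.

```python
import warnings

ARRAY_WARNING = "cell2bool: converting array to boolean does not make sense!"
NASL_NULL = None  # assumption: NASL's NULL is modelled as Python None


def cell2bool(v):
    """Model of the value-to-boolean rules listed in the message above."""
    if v is NASL_NULL:
        return False              # NULL is always FALSE
    if isinstance(v, int):
        return v != 0             # 0 is FALSE, any non-zero integer is TRUE
    if isinstance(v, str):
        if v == "0":              # warning wording is constructed for this model
            warnings.warn('string "0" converted to TRUE')
        return len(v) > 0         # "" is FALSE, any non-empty string is TRUE
    if isinstance(v, (list, dict)):
        warnings.warn(ARRAY_WARNING)
        return True               # always TRUE; empty case is "IIRC" in the message
    raise TypeError(f"not a NASL value type: {type(v).__name__}")


def isnull(v):
    """Model of NASL isnull(): TRUE only for the NULL value."""
    return v is NASL_NULL


def compare_checks(v):
    """Return (lazy 'if (v)' result, '!isnull(v)' result, warnings raised)."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        lazy = cell2bool(v)
    return lazy, not isnull(v), [str(w.message) for w in caught]


# Constructed sample return values, not taken from plugins 22032 or 22033.
SAMPLES = [
    ("array result", ["10.0.0.1", "10.0.0.2"]),
    ("empty array", []),
    ("NULL on error", NASL_NULL),
    ("integer 0", 0),
    ("empty string", ""),
    ('string "0"', "0"),
]

if __name__ == "__main__":
    for label, value in SAMPLES:
        lazy, strict, notes = compare_checks(value)
        print(f"{label:14} if(v)={lazy!s:5} !isnull(v)={strict!s:5} {notes}")
```

In this model the two checks agree for a function that returns an array or NULL, and only `if (v)` raises the warning. For integer 0 and the empty string they differ, so the choice between them depends on what the function can return.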