Re: [Plugins-writers] problems with NASL SSH feature / local checks

From: Boris Wolf (b.wolf@dn-systems.de)
Date: Wed Sep 29 2004 - 06:19:36 PDT


Thank you for your quick response! The issue with i as counter
for the for-loop seems to be resolved.

However, I'm still facing trouble with large report files.

When running this code

buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
 
if (buf) {
	my_report += buf;
}

security_note(port:port, data:my_report);

I immediately get an "empty report" error (no lengthy timeout
as before). Next, I added some debug code

buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
 
if (buf) {
	my_report += "buffer length: " + strlen(buf);
#	my_report += buf;
}

security_note(port:port, data:my_report);

When I run this (note the line I commented out!) I get as a
result "buffer length: 622592". My original file length on the
remote system is 727262 so I'm wondering where the difference
comes from. Anyways, this looks much better than the 32768
I get without applying your patch.

By the way, if I only show the first 30K of the report everything
works again:

buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
 
if (buf) {
	my_report += "buffer length: " + strlen(buf);
	my_report += substr(buf,0,30000);
}

security_note(port:port, data:my_report);

I have a feeling this has nothing to do with the SSH access but 
rather with the implementation of strings or the security_note() 
function in NASL. Is there a 32K limit as well? When I construct
a "foo bar foo bar..." string longer than 32K directly in NASL
the security_note() function seems to fail as well.

Thank you again,
Boris

>Could you try the following patch and give us feedback ?
>It should fix both problems.
>
>In the loop, the variable 'i' was overwritten during send_ssh_packet
>(Renaux fixed it).
>
>For the size of your file, it was limited to 32768 bytes. This patch
>should allow you to receive 19MB of data.
>
>
>> I played a bit with the new local scan / SSH features in
>> NASL and found a couple of strange things:
>> 
>> 1. I tried to write a NASL script to retrieve certain
>> report files (text files) from a remote machine. My code
>> looks somewhat like this:
>> 
>> # ... SSH login procedure ...
>> 
>> buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
>> 
>> if (buf) {
>> 	my_report += buf;
>> }
>> 
>> # ...
>> 
>> security_note(port:port, data:my_report);
>> 
>> Everything works fine with this code but when the report.txt file
>> reaches a certain size my NASL script simply hangs and times out
>> after a while. My report file was 350K. I reduced its size in steps
>> and around a file size of 10K the script starts working again.
>> Any idea what the problem might be?
>> 
>> 2. My second problem is really strange and I'm wondering if I'm
>> overlooking anything obvious... ;)
>> 
>> It also has to do with the new SSH capability.
>> 
>> I tried a script looking like this
>> 
>> # ... SSH login procedure ...
>> 
>> for (i=1; i<=3; i++) {
>>   buf = ssh_cmd(socket:sock, cmd:"cat report"+i+".txt", timeout:60);
>>   if (buf) {
>>     my_report += buf;
>>   }
>> }
>> 
>> security_note(port:port, data:my_report);
>> 
>> It seems this script only executes the first iteration of the loop 
>> and then silently dies. If I rewrite the script
>> 
>> # ... SSH login procedure ...
>> 
>> buf = ssh_cmd(socket:sock, cmd:"cat report1.txt", timeout:60);
>> my_report += buf;
>> 
>> buf = ssh_cmd(socket:sock, cmd:"cat report2.txt", timeout:60);
>> my_report += buf;
>> 
>> buf = ssh_cmd(socket:sock, cmd:"cat report3.txt", timeout:60);
>> my_report += buf;
>> 
>> security_note(port:port, data:my_report);
>> 
>> then everything works fine. It almost seems like ssh_cmd() and 
>> for-loops don't like each other.

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
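An added example, not code from the thread, of the workaround Boris hints at: the retrieved report is handed to security_note() in slices no larger than the 30000 bytes that worked for him, and the received length is compared against a size reported by the remote side so a truncated transfer (622592 of 727262 bytes in the thread) is visible in the report. It assumes ssh_cmd(), security_note(), strlen() and substr() behave as used in the thread, that a logged-in socket `sock` and `port` already exist, and that the 30000-byte threshold is an observed limit, not a documented one.

```nasl
# note_in_chunks(): emit 'data' as several security_note() calls, each at most
# 'limit' bytes, so a suspected per-call size limit is never exceeded.
# (Added example; the limit value comes from the thread's experiment.)
function note_in_chunks(port, data, limit)
{
  local_var total, pos, stop, part, chunks;

  total = strlen(data);
  if (total == 0) return 0;

  chunks = 0;
  for (pos = 0; pos < total; pos += limit)
  {
    stop = pos + limit - 1;            # substr() end index is inclusive
    if (stop >= total) stop = total - 1;
    part = substr(data, pos, stop);
    chunks++;
    security_note(port:port,
                  data:"report part " + chunks + " (bytes " + pos + "-" + stop +
                       " of " + total + "):" + '\n' + part);
  }
  return chunks;
}

# Usage, after the SSH login procedure has produced 'sock' (assumed).
buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
# Ask the remote side for the file size so a short read can be detected.
expected = ssh_cmd(socket:sock, cmd:"wc -c < report.txt", timeout:60);

if (buf)
{
  if (int(expected) != strlen(buf))
    security_note(port:port,
                  data:"warning: received " + strlen(buf) + " of " +
                       int(expected) + " bytes of report.txt");
  note_in_chunks(port:port, data:buf, limit:30000);
}
```

Each chunk header names its byte range, so a reader can reassemble the pieces and see at a glance whether the last chunk ends at the expected total.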



This archive was generated by hypermail 2.1.3 : Wed Sep 29 2004 - 06:39:22 PDT