Re: [Plugins-writers] problems with NASL SSH feature / local checks

From: Nicolas Pouvesle (nico.pou@private)
Date: Wed Sep 29 2004 - 08:16:44 PDT


I have reproduced the difference between the buffer size and the file
size.
In fact the server can send an exit-status message (when the command
terminates) before it has sent all data.

The following patch should finally (I hope) solve this bug.

As for the maximum size you can display in a Nessus report, I have no idea, but
this is not related to the SSH plugin.


Nicolas


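To make the ordering problem concrete, here is an added example (not Nicolas's
patch and not code from the NASL SSH library) that models the channel-level
exchange in Python rather than NASL. It assumes the transport layer has already
been stripped, so each element of the stream is one decrypted packet payload laid
out as in RFC 4254; the sample stream is constructed, not captured, and the
function names and the 19 MiB cap are my own choices (the cap only mirrors the
figure quoted later in this thread). It contrasts a reader that stops at the
exit-status request with one that keeps reading until CHANNEL_EOF/CHANNEL_CLOSE.

```python
import struct

# Message numbers from RFC 4254 (SSH connection protocol).
SSH_MSG_CHANNEL_DATA = 94
SSH_MSG_CHANNEL_EOF = 96
SSH_MSG_CHANNEL_CLOSE = 97
SSH_MSG_CHANNEL_REQUEST = 98

# Assumed cap on collected output; the 19 MiB figure mirrors the thread.
MAX_OUTPUT_BYTES = 19 * 1024 * 1024


def ssh_string(b):
    """RFC 4251 'string': big-endian uint32 length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def read_uint32(buf, off):
    return struct.unpack_from(">I", buf, off)[0], off + 4

def read_string(buf, off):
    n, off = read_uint32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated SSH string in payload")
    return buf[off:off + n], off + n

# Server-side payload builders, used only to construct the sample stream.
def msg_channel(msg_type, chan, rest=b""):
    """Generic channel message: byte type, uint32 recipient channel, rest."""
    return bytes([msg_type]) + struct.pack(">I", chan) + rest

def msg_exit_status(chan, status):
    # "exit-status" channel request: want_reply is FALSE, then uint32 status.
    return msg_channel(SSH_MSG_CHANNEL_REQUEST, chan,
                       ssh_string(b"exit-status") + b"\x00" + struct.pack(">I", status))

def parse_channel_message(payload):
    """Decode one decrypted payload into (msg_type, recipient channel, fields)."""
    msg_type = payload[0]
    chan, off = read_uint32(payload, 1)
    info = {}
    if msg_type == SSH_MSG_CHANNEL_DATA:
        info["data"], off = read_string(payload, off)
    elif msg_type == SSH_MSG_CHANNEL_REQUEST:
        info["request"], off = read_string(payload, off)
        info["want_reply"] = payload[off] != 0
        off += 1
        if info["request"] == b"exit-status":
            info["exit_status"], off = read_uint32(payload, off)
    return msg_type, chan, info

def read_output_until_exit_status(payloads, chan):
    """The truncating pattern: treat 'exit-status' as the end of the output."""
    out, status = bytearray(), None
    for p in payloads:
        t, c, info = parse_channel_message(p)
        if c != chan:
            continue
        if t == SSH_MSG_CHANNEL_DATA:
            out += info["data"]
        elif t == SSH_MSG_CHANNEL_REQUEST and info["request"] == b"exit-status":
            status = info["exit_status"]
            break  # any CHANNEL_DATA still queued behind this is lost
    return bytes(out), status

def read_output_until_close(payloads, chan, max_bytes=MAX_OUTPUT_BYTES):
    """Collect CHANNEL_DATA until CHANNEL_EOF/CLOSE; exit-status is only
    recorded on the way.  Output is capped rather than growing unbounded."""
    out, status, finished = bytearray(), None, False
    for p in payloads:
        t, c, info = parse_channel_message(p)
        if c != chan:
            continue  # belongs to another channel
        if t == SSH_MSG_CHANNEL_DATA:
            if len(out) + len(info["data"]) > max_bytes:
                raise ValueError("command output exceeds %d bytes" % max_bytes)
            out += info["data"]
        elif t == SSH_MSG_CHANNEL_REQUEST and info["request"] == b"exit-status":
            status = info["exit_status"]
        elif t == SSH_MSG_CHANNEL_EOF:
            finished = True  # no more data promised; CLOSE may still follow
        elif t == SSH_MSG_CHANNEL_CLOSE:
            finished = True
            break
    if not finished:
        raise ValueError("stream ended before CHANNEL_EOF/CHANNEL_CLOSE")
    return bytes(out), status

# Constructed sample, not a capture: six lines of "cat report.txt" output, with
# the exit-status request arriving while three data chunks are still queued.
SAMPLE_LINES = [b"line %d of report.txt\n" % i for i in range(1, 7)]
SAMPLE_FILE = b"".join(SAMPLE_LINES)

def build_sample_stream(chan=0):
    msgs = [msg_channel(SSH_MSG_CHANNEL_DATA, chan, ssh_string(l)) for l in SAMPLE_LINES[:3]]
    msgs.append(msg_exit_status(chan, 0))
    msgs += [msg_channel(SSH_MSG_CHANNEL_DATA, chan, ssh_string(l)) for l in SAMPLE_LINES[3:]]
    msgs += [msg_channel(SSH_MSG_CHANNEL_EOF, chan), msg_channel(SSH_MSG_CHANNEL_CLOSE, chan)]
    return msgs
```

Running read_output_until_exit_status(build_sample_stream(), 0) returns only the
first three lines, which is the same symptom as a buffer shorter than the file;
read_output_until_close returns the whole file plus the recorded exit status, and
refuses both a stream that ends without EOF/CLOSE and output above the cap.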

On Wednesday, 29 September 2004 at 15:19 +0200, Boris Wolf wrote:
> Thank you for your quick response! The issue with i as counter
> for the for-loop seems to be resolved.
> 
> However, I'm still facing trouble with large report files.
> 
> When running this code
> 
> buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
>  
> if (buf) {
> 	my_report += buf;
> }
> 
> security_note(port:port, data:my_report);
> 
> I immediately get an "empty report" error (no lengthy timeout
> as before). Next, I added some debug code
> 
> buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
>  
> if (buf) {
> 	my_report += "buffer length: " + strlen(buf);
> #	my_report += buf;
> }
> 
> security_note(port:port, data:my_report);
> 
> When I run this (note the line I commented out!) I get as a
> result "buffer length: 622592". My original file length on the
> remote system is 727262 so I'm wondering where the difference
> comes from. Anyways, this looks much better than the 32768
> I get without applying your patch.
> 
> By the way, if I only show the first 30K of the report everything
> works again:
> 
> buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
>  
> if (buf) {
> 	my_report += "buffer length: " + strlen(buf);
> 	my_report += substr(buf,0,30000);
> }
> 
> security_note(port:port, data:my_report);
> 
> I have a feeling this has nothing to do with the SSH access but 
> rather with the implementation of strings or the security_note() 
> function in NASL. Is there a 32K limit as well? When I construct
> a "foo bar foo bar..." string longer than 32K directly in NASL
> the security_note() function seems to fail as well.
> 
> Thank you again,
> Boris
> 
> >Could you try the following patch and give us feedback ?
> >It should fix both problems.
> >
> >In the loop, the variable 'i' was overwritten during send_ssh_packet
> >(Renaux fixed it).
> >
> >For the size of your file, it was limited to 32768 bytes. This patch
> >should allow you to receive 19MB of data.
> >
> >
> >> I played a bit with the new local scan / SSH features in
> >> NASL and found a couple of strange things:
> >> 
> >> 1. I tried to write a NASL script to retrieve certain
> >> report files (text files) from a remote machine. My code
> >> looks somewhat like this:
> >> 
> >> # ... SSH login procedure ...
> >> 
> >> buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
> >> 
> >> if (buf) {
> >> 	my_report += buf;
> >> }
> >> 
> >> # ...
> >> 
> >> security_note(port:port, data:my_report);
> >> 
> >> Everything works fine with this code but when the report.txt file
> >> reaches a certain size my NASL script simply hangs and times out
> >> after a while. My report file was 350K. I reduced its size in steps
> >> and around a file size of 10K the script starts working again.
> >> Any idea what the problem might be?
> >> 
> >> 2. My second problem is really strange and I'm wondering if I'm
> >> overlooking anything obvious... ;)
> >> 
> >> It also has to do with the new SSH capability.
> >> 
> >> I tried a script looking like this
> >> 
> >> # ... SSH login procedure ...
> >> 
> >> for (i=1; i<=3; i++) {
> >>   buf = ssh_cmd(socket:sock, cmd:"cat report"+i+".txt", timeout:60);
> >>   if (buf) {
> >>     my_report += buf;
> >>   }
> >> }
> >> 
> >> security_note(port:port, data:my_report);
> >> 
> >> It seems this script only executes the first iteration of the loop 
> >> and then silently dies. If I rewrite the script
> >> 
> >> # ... SSH login procedure ...
> >> 
> >> buf = ssh_cmd(socket:sock, cmd:"cat report1.txt", timeout:60);
> >> my_report += buf;
> >> 
> >> buf = ssh_cmd(socket:sock, cmd:"cat report2.txt", timeout:60);
> >> my_report += buf;
> >> 
> >> buf = ssh_cmd(socket:sock, cmd:"cat report3.txt", timeout:60);
> >> my_report += buf;
> >> 
> >> security_note(port:port, data:my_report);
> >> 
> >> then everything works fine. It almost seems like ssh_cmd() and 
> >> for-loops don't like each other.



_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers



This archive was generated by hypermail 2.1.3 : Wed Sep 29 2004 - 08:15:21 PDT