OpenVAS
mailing list archives
Re: openvasmd segfaulting under OpenBSD
From: Rodolfo Gouveia <rgouveia () cosmico net>
Date: Wed, 23 Jan 2013 16:04:04 +0000
List-id: OpenVAS discussions <openvas-discuss.wald.intevation.org>
Regarding this problem, the fault seems to be in otp.c:1555,
but looking at the latest beta 6 there aren't any changes to this,
so I'm not sure if it's worth the hassle to try and build all of
OpenVAS under OpenBSD, as there are patches involved.
I'm using glib2-2.32.4 btw.
Here's the relevant part of otp.c:
#ifdef SCANNER_SENDS_UTF8
          /* What to do when the scanner sends UTF-8. */
          field = openvas_strip_space (message, match);
#else
          /* ISO-8859-1 input to UTF-8 hack. */
          {
            gsize size_dummy;
            gchar *compressed;
            char* iso_field;
            iso_field = openvas_strip_space (message, match);
            compressed = g_strcompress (iso_field);
1555:       blank_control_chars (compressed);
            field = g_convert (compressed, match - message - 1,
                               "UTF-8", "ISO_8859-1",
                               NULL, &size_dummy, NULL);
            g_free (compressed);
            if (field == NULL) abort ();
          }
#endif
I suspect that compressed is bad when passing it to blank_control_chars.
Here's a full backtrace from gdb:
(gdb) bt full
#0 0x000000020a49c6d0 in iso8859_1_mbtowc () from /usr/local/lib/libiconv.so.6.0
No symbol table info available.
#1 0x000000020a4ac7fe in unicode_loop_convert () from /usr/local/lib/libiconv.so.6.0
No symbol table info available.
#2 0x0000000207fecb4a in g_iconv (converter=0x205e2fb00, inbuf=0x7f7ffffd0f48, inbytes_left=0x7f7ffffd0f40,
outbuf=0x7f7ffffd0f50, outbytes_left=0x7f7ffffd0f38) at gconvert.c:314
cd = 0x205e2fb00
#3 0x0000000207fed395 in g_convert_with_iconv (
str=0x20a2634e0 ";; Vulnerability Insight:;; Several dangling pointer vulnerabilities were discovered in
Thunderbird. An; attacker could exploit this to crash Thunderbird or possibly run arbitrary; code as the use"...,
len=2849, converter=0x205e2fb00, bytes_read=0x0, bytes_written=0x7f7ffffd1038, error=0x0) at gconvert.c:745
dest = (
gchar *) 0x20cc544d0 ";; Vulnerability Insight:;; Several dangling pointer vulnerabilities were discovered in
Thunderbird. An; attacker could exploit this to crash Thunderbird or possibly run arbitrary; code as the use"...
outp = (
gchar *) 0x20cc544d0 ";; Vulnerability Insight:;; Several dangling pointer vulnerabilities were discovered in
Thunderbird. An; attacker could exploit this to crash Thunderbird or possibly run arbitrary; code as the use"...
p = (
const gchar *) 0x20a2634e0 ";; Vulnerability Insight:;; Several dangling pointer vulnerabilities were discovered
in Thunderbird. An; attacker could exploit this to crash Thunderbird or possibly run arbitrary; code as the use"...
inbytes_remaining = 2849
outbytes_remaining = 2849
err = 3592
outbuf_size = 2853
have_error = 0
done = 0
reset = 0
__PRETTY_FUNCTION__ = "g_convert_with_iconv"
#4 0x0000000207fed6e0 in g_convert (
str=0x20a2634e0 ";; Vulnerability Insight:;; Several dangling pointer vulnerabilities were discovered in
Thunderbird. An; attacker could exploit this to crash Thunderbird or possibly run arbitrary; code as the use"...,
len=2849, to_codeset=0x579e0d "UTF-8", from_codeset=0x579e02 "ISO_8859-1", bytes_read=0x0,
bytes_written=0x7f7ffffd1038, error=0x0) at gconvert.c:889
res = (gchar *) 0x222e8b4 ""
cd = 0x205e2fb00
__PRETTY_FUNCTION__ = "g_convert"
#5 0x000000000042fc5c in process_otp_scanner_input () at
/usr/ports/pobj/openvas-manager-3.0.5/openvas-manager-3.0.5/src/otp.c:1555
size_dummy = 43
compressed = (
gchar *) 0x20a2634e0 ";; Vulnerability Insight:;; Several dangling pointer vulnerabilities were discovered in
Thunderbird. An; attacker could exploit this to crash Thunderbird or possibly run arbitrary; code as the use"...
iso_field = Variable "iso_field" is not available.
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss () wald intevation org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
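Added example, not part of the original message and not OpenVAS code: in the excerpt above the length handed to g_convert is match - message - 1, taken from the original message, while compressed is the output of g_strcompress, which can be shorter than its input. The sketch below uses hypothetical pure-C stand-ins (unescape, latin1_to_utf8) and a constructed sample string to show a conversion that clamps such a stale length at the NUL terminator; the page does not establish that this mismatch is the cause of the crash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for g_strcompress(): turns the two-byte escapes
   "\n", "\t" and "\\" into one byte each, so output can be shorter. */
static char *unescape(const char *src)
{
    char *out = malloc(strlen(src) + 1), *q = out;
    if (!out) return NULL;
    for (const char *p = src; *p; p++) {
        if (*p == '\\' && p[1]) {
            p++;
            *q++ = (*p == 'n') ? '\n' : (*p == 't') ? '\t' : *p;
        } else {
            *q++ = *p;
        }
    }
    *q = '\0';
    return out;
}

/* ISO-8859-1 to UTF-8 over at most len bytes, never reading past the NUL.
   *used receives the number of input bytes actually converted. */
static char *latin1_to_utf8(const char *in, size_t len, size_t *used)
{
    size_t n = 0;
    while (n < len && in[n]) n++;          /* clamp a stale length */
    char *out = malloc(2 * n + 1), *q = out;
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c < 0x80) { *q++ = (char)c; continue; }
        *q++ = (char)(0xC0 | (c >> 6));    /* two-byte UTF-8 sequence */
        *q++ = (char)(0x80 | (c & 0x3F));
    }
    *q = '\0';
    *used = n;
    return out;
}

int main(void)
{
    const char *field = "caf\xe9\\nline two";   /* constructed sample */
    size_t stale = strlen(field), used;
    char *compressed = unescape(field);
    char *utf8 = latin1_to_utf8(compressed, stale, &used);
    printf("stale len=%zu, converted=%zu: %s\n", stale, used, utf8);
    free(utf8); free(compressed);
    return 0;
}
```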