Commit db259edc authored by Sophie Brun

Merge tag 'upstream/5.0.4' into kali/master

Upstream version 5.0.4
parents aec5faa5 3ba87d04
openvas-scanner 5.0.4 (2015-07-09)
This is the fourth maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release fixes an issue which could produce duplicate scan results. It also
enables the removal of the pidfile on exit in OpenVAS Scanner.
Many thanks to everyone who contributed to this release:
Hani Benhabiles.
Main changes compared to 5.0.3:
* An issue which could produce duplicate scan results when a scan was stopped
and later resumed has been fixed.
* An issue which caused new host scans to start even though the overall scan had
been requested to stop has been fixed.
* An issue which caused scans to terminate prematurely upon receiving the
SIGPIPE signal has been fixed.
* The OpenVAS Scanner parent process now removes its pidfile when exiting.
openvas-scanner 5.0.3 (2015-05-11)
This is the third maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release fixes an issue introduced with OpenVAS Scanner 5.0.2 which
sometimes resulted in the parent process not releasing the CPU after loading the
NVTs.
Many thanks to everyone who contributed to this release:
Hani Benhabiles.
Main changes compared to 5.0.2:
* An issue which caused OpenVAS Scanner to fail to release the CPU after loading
the NVTs under certain circumstances has been fixed.
openvas-scanner 5.0.2 (2015-04-30)
This is the second maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release increases the minimum required version of OpenVAS Libraries to
8.0.2. It uses new functionality from OpenVAS Libraries to set the target hosts
FQDN based on a reverse DNS lookup. It also fixes an issue which caused NVTs to
hang under certain circumstances.
Many thanks to everyone who contributed to this release:
Hani Benhabiles, Miguel Angel Cabrera Moya and Michael Wiegand.
Main changes compared to 5.0.1:
* The required minimum OpenVAS Libraries version has increased to 8.0.2.
* The target FQDN is now set to the result of a reverse DNS lookup on the IP
when available.
* An issue which caused NVTs to hang on open, but unresponsive ports due to the
timeout not being set correctly has been fixed.
* An issue which caused the loading handler process to live on even after the
parent process had been killed has been fixed.
* An issue which prevented openvas-scanner from building with GLib =< 2.28 has
been addressed.
openvas-scanner 5.0.1 (2015-04-01)
This is the first maintenance release of the openvas-scanner 5.0 module for
......
......@@ -7,7 +7,7 @@
# Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
#
# Copyright:
# Copyright (C) 2011-2014 Greenbone Networks GmbH
# Copyright (C) 2011-2015 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
......@@ -85,7 +85,7 @@ set (CPACK_PACKAGE_VERSION_MAJOR "5")
set (CPACK_PACKAGE_VERSION_MINOR "0")
# Use this scheme for stable releases
set (CPACK_PACKAGE_VERSION_PATCH "1${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION_PATCH "4${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
# Use this scheme for +betaN and +rcN releases:
#set (CPACK_PACKAGE_VERSION_PATCH "+beta1${SVN_REVISION}")
......@@ -184,10 +184,10 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
## Dependency checks
pkg_check_modules (LIBOPENVAS_NASL REQUIRED libopenvas_nasl>=8.0.0)
pkg_check_modules (LIBOPENVAS_BASE REQUIRED libopenvas_base>=8.0.0)
pkg_check_modules (LIBOPENVAS_MISC REQUIRED libopenvas_misc>=8.0.0)
pkg_check_modules (LIBOPENVAS_OMP REQUIRED libopenvas_omp>=8.0.0)
pkg_check_modules (LIBOPENVAS_NASL REQUIRED libopenvas_nasl>=8.0.2)
pkg_check_modules (LIBOPENVAS_BASE REQUIRED libopenvas_base>=8.0.2)
pkg_check_modules (LIBOPENVAS_MISC REQUIRED libopenvas_misc>=8.0.2)
pkg_check_modules (LIBOPENVAS_OMP REQUIRED libopenvas_omp>=8.0.2)
pkg_check_modules (GLIB REQUIRED glib-2.0>=2.16)
message (STATUS "Looking for libgcrypt...")
......
2015-07-09 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-scanner 5.0.4 release.
* CHANGES: Updated.
2015-07-08 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22722.
* src/processes.c (init_child_signal_handlers): Ignore SIGPIPE instead
of terminating process.
2015-07-08 Michael Wiegand <michael.wiegand@greenbone.net>
Backport r22654. Original patch by Hani Benhabiles.
* src/hosts.c (hosts_new): Check if scan is stopped.
(hosts_stop_all): Set global_scan_stop for this process too.
* src/attack.c (attack_network): Don't start new host scans when scan is
stopped.
2015-06-02 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22544.
* src/openvassd.c (remove_pidfile): New function.
(loading_handler_start): Handle SIGTERM with remove_pidfile().
(check_termination): Remove pidfile before exiting.
2015-05-22 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22400.
* src/attack.c (attack_start), src/nasl_plugins.c (nasl_thread): Remove
useless socket duplicate to hardcoded value of 4.
2015-05-14 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22326.
* src/log.c (log_init): Don't duplicate log file descriptor to fixed 3
value. Fixes closing of a file descriptor with GnuTLS 3.3.8-9.
2015-05-12 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22350.
* src/attack.c (attack_start): Don't send HOST_END when scan was
stopped.
2015-05-11 Michael Wiegand <michael.wiegand@greenbone.net>
Post release version bump.
* CMakeLists.txt: Set version to 5.0.4.
2015-05-11 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-scanner 5.0.3 release.
* CHANGES: Updated.
2015-05-06 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22296.
* src/openvassd.c (loading_handler_start): Save the socket's flags
correctly, and properly use it with O_NONBLOCK.
2015-05-04 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22274.
* src/openvassd.c (loading_handler_start): Set back the global socket's
flags after loading end.
2015-04-30 Michael Wiegand <michael.wiegand@greenbone.net>
Post release version bump.
* CMakeLists.txt: Set version to 5.0.3.
2015-04-30 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-scanner 5.0.2 release.
* CHANGES: Updated.
* CMakeLists.txt: Bump minimum required openvas-libraries version to
8.0.2 due to API changes.
* INSTALL: Make required openvas-libraries version consistent with
CMakeLists.txt.
2015-04-28 Michael Wiegand <michael.wiegand@greenbone.net>
Backport r22221.
* src/pluginload.c (plugins_reload_from_dir): Ensure openvas-scanner
builds with GLib =< 2.28 by wrapping g_slist_free_full () in an ifdef
and falling back to g_slist_foreach () / g_slist_free () when using
older GLib versions. Based on patch suggested by Miguel Angel Cabrera
Moya.
2015-04-27 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22215.
* src/openvassd.c (loading_handler_start): Set global socket as
nonblocking. Periodically check that parent is still alive.
(reload_openvassd, main): Check loading_handler_start() return value.
Reported by Miguel Angel Cabrera.
2015-04-20 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22167.
* src/pluginlaunch.c (plugin_launch): Correctly set the plugin's timeout
when none is provided in the nvt. Issue reported by Kent Fritz.
2015-04-13 Hani Benhabiles <hani.benhabiles@greenbone.net>
Backport r22050.
* src/attack.c (attack_network): Set the host's fqdn as reverse lookup
of the ip when available.
2015-04-01 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Post release version bump.
* CMakeLists.txt: Set version to 5.0.2.
2015-04-01 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Preparing the openvas-scanner 5.0.1 release.
......
......@@ -13,7 +13,7 @@ Prerequisites:
* cmake
* glib-2.0 >= 2.16
* libgcrypt
* openvas-libraries >= 8.0.0
* openvas-libraries >= 8.0.2
* pkg-config
* redis >= 2.4.0
......
/* OpenVAS
* $Id: attack.c 22004 2015-03-31 15:06:57Z kroosec $
* $Id: attack.c 22719 2015-07-08 09:56:25Z mwiegand $
* Description: Launches the plugins, and manages multithreading.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -617,7 +617,7 @@ attack_start (struct attack_start_args *args)
const char *vhosts = prefs_get ("vhosts");
const char *vhosts_ip = prefs_get ("vhosts_ip");
int thread_socket;
struct timeval then, now;
struct timeval then;
plugins_scheduler_t sched = args->sched;
kb_t *net_kb = args->net_kb;
......@@ -629,10 +629,7 @@ attack_start (struct attack_start_args *args)
inet_ntop (AF_INET6, &args->hostip, host_str, sizeof (host_str));
close (args->parent_socket);
thread_socket = dup2 (args->thread_socket, 4);
if (args->thread_socket != thread_socket)
close (args->thread_socket);
thread_socket = args->thread_socket;
gettimeofday (&then, NULL);
arg_add_value (preferences_get (), "non_simult_ports_list", ARG_ARGLIST,
......@@ -675,18 +672,21 @@ attack_start (struct attack_start_args *args)
// Start scan
attack_host (globals, hostinfos, host_str, sched, net_kb);
// Calculate duration, clean up
ntp_timestamp_host_scan_ends (thread_socket, host_str);
gettimeofday (&now, NULL);
if (now.tv_usec < then.tv_usec)
if (!scan_is_stopped ())
{
then.tv_sec++;
now.tv_usec += 1000000;
}
struct timeval now;
log_write ("Finished testing %s. Time : %ld.%.2ld secs", host_str,
(long) (now.tv_sec - then.tv_sec),
(long) ((now.tv_usec - then.tv_usec) / 10000));
ntp_timestamp_host_scan_ends (thread_socket, host_str);
gettimeofday (&now, NULL);
if (now.tv_usec < then.tv_usec)
{
then.tv_sec++;
now.tv_usec += 1000000;
}
log_write ("Finished testing %s. Time : %ld.%.2ld secs", host_str,
(long) (now.tv_sec - then.tv_sec),
(long) ((now.tv_usec - then.tv_usec) / 10000));
}
shutdown (thread_socket, 2);
close (thread_socket);
g_free (args->fqdn);
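Review bot: the new `if (!scan_is_stopped ())` block in attack_start drops the "Finished testing" log line together with `ntp_timestamp_host_scan_ends`, so a host whose scan was stopped leaves no end marker in the scanner log at all. Consider an else branch that logs that testing of `host_str` was stopped, so the log still accounts for every host that was started. The HOST_END suppression itself matches the ChangeLog entry for r22350.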
......@@ -933,7 +933,6 @@ attack_network (struct arglist *globals, kb_t *network_kb)
int fork_retries = 0;
GHashTable *files;
struct timeval then, now;
char buffer[INET6_ADDRSTRLEN];
const gchar *network_targets, *port_range;
gboolean network_phase = FALSE;
......@@ -1067,13 +1066,15 @@ attack_network (struct arglist *globals, kb_t *network_kb)
* Start the attack !
*/
openvas_signal (SIGUSR1, handle_scan_stop_signal);
while (host)
while (host && !scan_is_stopped ())
{
int pid;
char *hostname;
struct in6_addr host_ip;
hostname = openvas_host_value_str (host);
hostname = openvas_host_reverse_lookup (host);
if (!hostname)
hostname = openvas_host_value_str (host);
if (openvas_host_get_addr6 (host, &host_ip) == -1)
{
log_write ("Couldn't resolve target %s", hostname);
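Review bot: `hostname = openvas_host_reverse_lookup (host);` takes the name from a PTR record, which is set by whoever controls the reverse zone for the target address, and nothing in this hunk checks that the name resolves back to the same IP. That name then becomes `args.fqdn` and the key passed to `hosts_new` and `hosts_set_pid` later in attack_network, and it is what the log shows as the tested host. Suggest forward-confirming the name, falling back to `openvas_host_value_str (host)` when it does not match, and documenting what happens when two targets share the same PTR name.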
......@@ -1103,7 +1104,7 @@ attack_network (struct arglist *globals, kb_t *network_kb)
else
{
struct attack_start_args args;
char *MAC = NULL;
char *MAC = NULL, *txt_ip;
int mac_err = -1;
int soc[2];
......@@ -1124,9 +1125,17 @@ attack_network (struct arglist *globals, kb_t *network_kb)
if (hosts_new (globals, hostname, soc[1]) < 0)
goto scan_stop;
if (scan_is_stopped ())
{
close (soc[0]);
close (soc[1]);
g_free (MAC);
g_free (hostname);
continue;
}
args.globals = globals;
memcpy (&args.hostip, &host_ip, sizeof (struct in6_addr));
args.fqdn = openvas_host_value_str (host);
args.fqdn = hostname;
args.host_mac_addr = MAC;
args.sched = sched;
args.thread_socket = soc[0];
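Review bot: the `continue` in the new `if (scan_is_stopped ())` block does not advance `host`; it terminates only because the loop condition became `while (host && !scan_is_stopped ())` in the earlier hunk. A `break` would state the intent directly and would not depend on the flag staying set. A comment on ownership would also help at `args.fqdn = hostname;`: attack_start frees it with `g_free (args->fqdn)`, while the parent keeps using `hostname` after the fork for `hosts_set_pid` and the log line.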
......@@ -1156,20 +1165,15 @@ attack_network (struct arglist *globals, kb_t *network_kb)
fork_sleep (fork_retries);
goto forkagain;
}
txt_ip = addr6_as_str (&args.hostip);
hosts_set_pid (hostname, pid);
if (network_phase)
log_write ("Testing %s (network level) [%d]",
network_targets, pid);
else
log_write ("Testing %s (%s) [%d]",
hostname, inet_ntop (AF_INET6,
&args.hostip,
buffer,
sizeof (buffer)),
pid);
if (MAC != NULL)
g_free (MAC);
log_write ("Testing %s (%s) [%d]", hostname, txt_ip, pid);
g_free (txt_ip);
g_free (MAC);
}
num_tested++;
......
/* OpenVAS
* $Id: hosts.c 21952 2015-03-25 16:25:23Z kroosec $
* $Id: hosts.c 22719 2015-07-08 09:56:25Z mwiegand $
* Description: Basically creates a new process for each tested host.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -173,6 +173,8 @@ hosts_init (int soc, int max_hosts)
return 0;
}
extern int global_scan_stop;
int
hosts_new (struct arglist *globals, char *name, int soc)
{
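Review bot: `extern int global_scan_stop;` is declared inside hosts.c instead of coming from a shared header, so the compiler cannot check it against the definition. Move the declaration to the header that owns the variable. If the flag can also be written from a signal handler (attack.c installs `handle_scan_stop_signal` for SIGUSR1), its type should be `volatile sig_atomic_t`.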
......@@ -183,6 +185,8 @@ hosts_new (struct arglist *globals, char *name, int soc)
if (hosts_read (globals) < 0)
return -1;
}
if (global_scan_stop)
return 0;
h = g_malloc0 (sizeof (struct host));
h->name = g_strdup (name);
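Review bot: `if (global_scan_stop) return 0;` in hosts_new reports success without creating a host entry, and the caller in attack_network only treats a negative return as failure, so it has to re-check `scan_is_stopped ()` itself before forking. Return a distinct value for "stopped, nothing created", or at least document this in the function comment, so a future caller does not go on to call `hosts_set_pid` for a host that was never registered.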
......@@ -227,6 +231,8 @@ void
hosts_stop_all (void)
{
struct host *host = hosts;
global_scan_stop = 1;
while (host)
{
hosts_stop_host (host);
......
/* OpenVAS
* $Id: log.c 20828 2014-11-10 19:27:21Z jan $
* $Id: log.c 22376 2015-05-13 23:36:56Z kroosec $
* Description: Manages the logfile of OpenVAS.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -48,16 +48,12 @@ void
log_init (const char *filename)
{
if ((!filename) || (!strcmp (filename, "stderr")))
{
log = stderr;
dup2 (2, 3);
}
log = stderr;
else if (!strcmp (filename, "syslog"))
{
openlog ("openvassd", 0, LOG_DAEMON);
log = NULL;
}
else
{
int fd = open (filename, O_WRONLY | O_CREAT | O_APPEND, 0644);
......@@ -67,22 +63,11 @@ log_init (const char *filename)
fprintf (stderr, "Could not open the logfile, using stderr\n");
log = stderr;
}
if (fd != 3)
{
if (dup2 (fd, 3) < 0)
{
perror ("dup2 ");
}
close (fd);
}
log = fdopen (3, "a");
log = fdopen (fd, "a");
if (log == NULL)
{
perror ("fdopen ");
log = stderr;
dup2 (2, 3);
}
setlinebuf (log);
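Review bot: in the `log == NULL` branch after `log = fdopen (fd, "a");` the descriptor `fd` is never closed now that the old `close (fd)` went away with the dup2 block, so a failed fdopen leaks it. Add a `close (fd)` there when `fd` is valid. The context lines above also show the open-failure branch setting `log = stderr` and closing its brace with no return, so unless that path leaves the function elsewhere, fdopen is then called on the failed descriptor and prints a second, misleading `fdopen` error.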
......
/* OpenVAS
* $Id: nasl_plugins.c 22004 2015-03-31 15:06:57Z kroosec $
* $Id: nasl_plugins.c 22432 2015-05-22 15:00:12Z kroosec $
* Description: Launches NASL plugins.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -217,7 +217,7 @@ nasl_thread (struct nasl_thread_args *nargs)
struct arglist *args = nargs->args;
struct arglist *globals = arg_get_value (args, "globals");
char *name = nargs->name;
int nasl_mode = 0, soc, old_soc;
int nasl_mode = 0, soc;
kb_t kb;
GError *error = NULL;
......@@ -235,16 +235,7 @@ nasl_thread (struct nasl_thread_args *nargs)
pluginlaunch_child_cleanup ();
kb = arg_get_value (args, "key");
kb_lnk_reset (kb);
old_soc = arg_get_value_int (args, "SOCKET");
/* XXX ugly hack */
soc = dup2 (old_soc, 4);
close (old_soc);
if (soc < 0)
{
log_write ("dup2() failed ! - can not launch the plugin");
return;
}
arg_set_value (args, "SOCKET", GSIZE_TO_POINTER (soc));
soc = arg_get_value_int (args, "SOCKET");
arg_set_value (globals, "global_socket", GSIZE_TO_POINTER (soc));
proctitle_set ("openvassd: testing %s (%s)",
arg_get_value (arg_get_value (args, "HOSTNAME"), "NAME"),
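Review bot: the removed dup2 block in nasl_thread was also the only place in this hunk that rejected a bad descriptor ("dup2() failed ! - can not launch the plugin"); the value from `soc = arg_get_value_int (args, "SOCKET");` is now stored as `global_socket` with no check. Keep an `if (soc < 0)` guard with a log message and an early return, so a missing or invalid SOCKET argument fails here rather than at the plugin's first write.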
......
/* OpenVAS
* $Id: openvassd.c 22004 2015-03-31 15:06:57Z kroosec $
* $Id: openvassd.c 22546 2015-06-02 15:21:47Z kroosec $
* Description: Runs the OpenVAS-scanner.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -256,6 +256,12 @@ handle_loading_stop_signal (int sig)
loading_stop_signal = sig;
}
static void
remove_pidfile ()
{
pidfile_remove ("openvassd");
}
/*
* @brief Starts a process to handle client requests while the scanner is
* loading.
......@@ -265,17 +271,33 @@ handle_loading_stop_signal (int sig)
static pid_t
loading_handler_start ()
{
pid_t child_pid;
pid_t child_pid, parent_pid;
int opts;
init_loading_shm ();
parent_pid = getpid ();
openvas_signal (SIGTERM, remove_pidfile);
child_pid = fork ();
if (child_pid != 0)
return child_pid;
proctitle_set ("openvassd (Loading Handler)");
openvas_signal (SIGTERM, handle_loading_stop_signal);
if ((opts = fcntl (global_iana_socket, F_GETFL, 0)) < 0)
{
log_write ("fcntl: %s", strerror (errno));
exit (0);
}
if (fcntl (global_iana_socket, F_SETFL, opts | O_NONBLOCK) < 0)
{
log_write ("fcntl: %s", strerror (errno));
exit (0);
}
/*
* Forked process will handle client requests until parent stops it with
* loading_handler_stop ().
* Forked process will handle client requests until parent dies or stops it
* with loading_handler_stop ().
*/
while (1)
{
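Review bot: `openvas_signal (SIGTERM, remove_pidfile);` is installed in the parent before the fork, and as written that handler only removes the pidfile and returns, so a SIGTERM arriving while the NVTs are loading deletes the pidfile but leaves the daemon running. Either terminate from the handler after the removal or record the signal so the parent exits once loading ends. The two fcntl error paths also call `exit (0)`, which reports success; a non-zero status would let a supervisor notice the failure.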
......@@ -283,13 +305,17 @@ loading_handler_start ()
struct sockaddr_in6 address6;
int soc;
if (loading_stop_signal)
if (loading_stop_signal || kill (parent_pid, 0) < 0)
break;
lg_address = sizeof (struct sockaddr_in6);
soc = accept (global_iana_socket, (struct sockaddr *) (&address6),
&lg_address);
loading_client_handle (soc);
sleep (1);
}
if (fcntl (global_iana_socket, F_SETFL, opts) < 0)
log_write ("fcntl: %s", strerror (errno));
exit (0);
}
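Review bot: with `global_iana_socket` now non-blocking, `accept` returns -1 on every pass that has no pending connection, and `loading_client_handle (soc)` is still called with that value once a second. Check `soc < 0` (and errno for EAGAIN/EWOULDBLOCK) before handling the client. For the liveness test, `kill (parent_pid, 0) < 0` also fails with EPERM and can succeed against a recycled PID; comparing `getppid ()` with `parent_pid` avoids both.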
......@@ -335,6 +361,8 @@ reload_openvassd ()
openvas_signal (SIGHUP, SIG_IGN);
handler_pid = loading_handler_start ();
if (handler_pid < 0)
return;
/* Reload config file. */
config_file = prefs_get ("config_file");
prefs_init ();
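Review bot: the new `if (handler_pid < 0) return;` in reload_openvassd leaves silently, right after `openvas_signal (SIGHUP, SIG_IGN);`, so a failed fork means the reload is skipped with no log entry and, unless the handler is reinstalled elsewhere, SIGHUP stays ignored. Log the failure and restore the SIGHUP handler before returning.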
......@@ -503,6 +531,7 @@ check_termination ()
if (termination_signal)
{
log_write ("Received the %s signal", strsignal (termination_signal));
remove_pidfile ();
make_em_die (SIGTERM);
log_close ();
_exit (0);
......@@ -896,6 +925,8 @@ main (int argc, char *argv[])
set_daemon_mode ();
pidfile_create ("openvassd");
handler_pid = loading_handler_start ();
if (handler_pid < 0)
return 1;
init_plugins (options);
loading_handler_stop (handler_pid);
if (!global_plugins)
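Review bot: `if (handler_pid < 0) return 1;` in main runs after `pidfile_create ("openvassd");`, so this error path exits and leaves the pidfile behind, which is the situation the pidfile change in this release sets out to fix. Call `remove_pidfile ()` before returning, and log why startup failed.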
......
/* OpenVAS
* $Id: pluginlaunch.c 21963 2015-03-27 10:32:44Z kroosec $
* $Id: pluginlaunch.c 22168 2015-04-20 15:01:36Z kroosec $
* Description: Manages the launching of plugins within processes.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -444,7 +444,7 @@ plugin_launch (struct arglist *globals, struct scheduler_plugin *plugin,
if (category == ACT_SCANNER)
processes[p].timeout = -1;
else
processes[p].timeout = prefs_get_bool ("plugins_timeout");
processes[p].timeout = atoi (prefs_get ("plugins_timeout") ?: "-1");
}
if (socketpair (AF_UNIX, SOCK_STREAM, 0, dsoc) < 0)
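Review bot: `atoi (prefs_get ("plugins_timeout") ?: "-1")` accepts anything: a non-numeric or empty preference silently becomes a timeout of 0, and the `?:` form is a GNU extension. Parse with `strtol`, check the end pointer and the range, and fall back to the default with a log message when the value is invalid.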
......
/* OpenVAS
* $Id: pluginload.c 22004 2015-03-31 15:06:57Z kroosec $
* $Id: pluginload.c 22229 2015-04-28 09:58:15Z mwiegand $
* Description: Loads plugins from disk into memory.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -299,13 +299,23 @@ plugins_reload_from_dir (struct arglist *plugins, char *folder)
log_write ("Stopped loading plugins: High number of errors.");
proctitle_set ("openvassd: Error loading NVTs.");
plugins_free (plugins);
#if GLIB_CHECK_VERSION (2, 28, 0)
g_slist_free_full (files, g_free);
#else
g_slist_foreach (files, (GFunc) g_free, NULL);
g_slist_free (files);
#endif
return NULL;
}
f = g_slist_next (f);
}
#if GLIB_CHECK_VERSION (2, 28, 0)
g_slist_free_full (files, g_free);
#else
g_slist_foreach (files, (GFunc) g_free, NULL);
g_slist_free (files);
#endif
proctitle_set ("openvassd: Reloaded all the NVTs.");
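Review bot: the `#if GLIB_CHECK_VERSION (2, 28, 0)` / `#else` block appears twice in plugins_reload_from_dir, once on the error return and once after the loop. Put it in one small static helper so the two cleanup paths cannot drift apart. The fallback also casts `g_free` to `GFunc`, which calls a one-argument function through a two-argument pointer type; a tiny wrapper with the GFunc signature is cleaner.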
......
/* OpenVAS
* $Id: processes.c 21730 2015-02-27 14:49:27Z kroosec $
* $Id: processes.c 22723 2015-07-08 12:54:33Z kroosec $
* Description: Creates new threads.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -67,6 +67,7 @@ init_child_signal_handlers ()
openvas_signal (SIGINT, make_em_die);
openvas_signal (SIGQUIT, make_em_die);
openvas_signal (SIGSEGV, sighand_segv);
openvas_signal (SIGPIPE, SIG_IGN);
}
/**
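Review bot: `openvas_signal (SIGPIPE, SIG_IGN);` in init_child_signal_handlers means a write to a closed socket now returns -1 with EPIPE instead of ending the child, so every write and send path in the child has to check its return value. Please confirm the callers do, otherwise a child can keep running against a dead peer. A short comment here saying why SIGPIPE is ignored would help too.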
......