[Openvas-discuss] Scanning a hostname with more then three dots
rm4dillo at gmail.com
Thu Jun 21 12:59:44 CEST 2012
Well, after fixing this bug, I encountered a second issue ; the
scanner overwrites my target's hostname by performing a reverse lookup
on it's IP address ( "www.target.com" == lookup ==> "188.8.131.52"
== reverse lookup ==> "virtual.hosting.com").
I was able to fix this by applying the following patch :
--- hosts_gatherer.c (revision 13635)
+++ hosts_gatherer.c (working copy)
@@ -192,7 +192,7 @@
- if (host->hostname && (!hg_valid_ip_addr (host->hostname)))
+ if (host->hostname)
strncpy (hostname, host->hostname, sz - 1);
as I don't thing that "hostname" has to be a valid IP address.
The only comment I could found about this code was the following
commit message "First set of changes to openvas-libraries towards IPv6
On Thu, Jun 21, 2012 at 11:41 AM, rm4dillo D <rm4dillo at gmail.com> wrote:
> Great ! Thank you !
> On Tue, Jun 19, 2012 at 5:42 PM, Matthew Mundell
> <matthew.mundell at greenbone.net> wrote:
>>> I've been trying to create a target using the following hostname
>>> "a.b.c.example.com" (4 dots) but it didn't work while
>>> "b.c.example.com" (3 dots) works. This seems to be due to the
>>> following check which is mistakenly applied even if the host is
>>> alphanumeric. I think it should be moved somewhere deeper in
>>> openvas-manager-3.0.1-modified/src/manage_sql.c (validate_host):
>>> 21448 : if (g_strv_length (split) > 4)
>>> 21449 : return 1;
>> Thanks. That was solved in trunk r13492 on 2012-05-24. I've now
>> backported to the openvas-manager-3.0 branch (r13621) so it should appear
>> in the next stable release.
>> Greenbone Networks GmbH
>> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
>> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
More information about the Openvas-discuss