Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vuls scan --debug cause invalid memory address error #397

Closed
lv7777 opened this issue Mar 22, 2017 · 3 comments
Closed

vuls scan --debug cause invalid memory address error #397

lv7777 opened this issue Mar 22, 2017 · 3 comments

Comments

@lv7777
Copy link
Contributor

lv7777 commented Mar 22, 2017
edited
Loading

Environment

root@kaliProvisional:~/.ssh# uname -a
Linux kaliProvisional 4.6.0-kali1-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux

Vuls


 commit 9dd2da8ed18ada09fc5b0442c2dd6e049ef0af05 

$ vuls -v

or
$ cd $GOPATH/src/github.com/future-architect/vuls 
$ git rev-parse --short HEAD 

## OS

kali linux

## Go
- Go version: go version go1.7.4 linux/amd64

# Current Output

`vuls configtest --debug` is path through.

the program is stopping after `Panic: runtime error: invalid memory address or nil pointer dereference on localhost`

```
zsh-common:
  Installed: 5.2-5
  Candidate: 5.3.1-3
  Version table:
     5.3.1-3 500
        500 http://http.kali.org/kali kali-rolling/main amd64 Packages
 *** 5.2-5 100
        100 /var/lib/dpkg/status

  stderr: 
  err: %!s(<nil>)
[Mar 22 08:56:25] DEBUG [localhost] Ensure changelog cache: localhost
[Mar 22 08:56:25] DEBUG [localhost] Panic: runtime error: invalid memory address or nil pointer dereference on localhost
^C
```


# Addition Details

I am tracking error point using "printf debug", and I revealed error point.

the memory access error is cause `ensureChangelogCache`

https://github.com/future-architect/vuls/blob/master/scan/debian.go#L276

`cached, found, err := cache.DB.GetMeta(current.Name)`

current.Name passed to `localhost`
I am debuged cache.DB.GetMeta,but this func is not called(when i settle `fmt.Printf` in cache.DB.GetMeta function,this is not called)




Can you also please fill in each of the remaining sections.

## Expected Behavior

plogram is not stop.

## Actual Behavior

plogram is stoping

## Steps to reproduce the behaviour
1. install vuls
2. write config.toml
```
[servers]

[servers.localhost]
host="127.0.0.1"
port="22"
user="root"
keyPath="/root/.ssh/id_rsa"
```
3. `vuls scan --debug`
@lv7777 lv7777 mentioned this issue Mar 22, 2017
Closed
@lv7777
Copy link
Contributor Author

lv7777 commented Mar 29, 2017

I am installed clean kali linux on vm, but the problem is occurred...
screenshot from 2017-03-29 03-16-50

@knqyf263
Copy link
Contributor

@lv7777 Thank you for the report!
I reproduced this issue and revealed the cause.
This is because cache.DB is null.

You must add kali to the following line
https://github.com/future-architect/vuls/blob/master/scan/serverapi.go#L425

Although this error will be resolved, the vulnerable packages will not be detected.
I tried to use apt-get changelog on Kali Linux, but I could not use it.

vuls uses changelog to detect the vulnerable packages.
So, it seems to be difficult to support Kali Linux right away...

@knqyf263
Copy link
Contributor

Currently, Kali Linux is not supported.
Please watch the following issue.
#398

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@knqyf263 @lv7777