nasl_var.c

大国补丁后的nessus2.2.8的源代码

  anon_nasl_var	*v1;

  if (v == NULL)
    return NULL;

  v1 = emalloc(sizeof(anon_nasl_var));
  copy_anon_var(v1, v);
  return v1;
}

static named_nasl_var*
dup_named_var(const named_nasl_var* v)
{
  named_nasl_var	*v1;

  if (v == NULL)
    return NULL;

  v1 = emalloc(sizeof(named_nasl_var));
  copy_anon_var(&v1->u, &v->u);
  v1->var_name = estrdup(v->var_name);
  return v1;
}

static void
copy_array(nasl_array *a1, const nasl_array *a2, int copy_named)
{
  int		i;
  named_nasl_var	*v1, *v2, *v;


  if (a1 == a2)
    {
#if NASL_DEBUG > 1
      nasl_perror(NULL, "copy_array: a1 == a2!\n");
#endif
      return;
    }

 if ( a1 == NULL || a2 == NULL )
 { 
    nasl_perror(NULL, "Internal inconsistency - null array\n");
    abort();
 }
 
  clear_array(a1);

  if ( a2->num_elt != NULL )
    {
      a1->max_idx = a2->max_idx;
      a1->num_elt = emalloc(sizeof(anon_nasl_var*) * a2->max_idx);
      for (i = 0; i < a2->max_idx; i ++)
	a1->num_elt[i] = dup_anon_var(a2->num_elt[i]);
    }
  if (copy_named && a2->hash_elt != NULL)
    {
      a1->hash_elt = emalloc(VAR_NAME_HASH * sizeof(named_nasl_var*));
      for (i = 0; i < VAR_NAME_HASH; i ++)
	{
	  v1= NULL;
	  for (v2 = a2->hash_elt[i]; v2 != NULL; v2 = v2->next_var)
	    {
	      v = dup_named_var(v2);
	      v->next_var = v1;
	      a1->hash_elt[i] = v;
	      v1 = v;
	    }
	}
    }
}

tree_cell*
copy_ref_array(const tree_cell* c1)
{
  tree_cell	*c2;
  nasl_array	*a2;

  if (c1 == NULL || c1 == FAKE_CELL || c1->type != REF_ARRAY)
    return NULL;

  c2 = alloc_tree_cell(0, NULL); c2->type = DYN_ARRAY;
  c2->x.ref_val = a2 = emalloc(sizeof(nasl_array));
  copy_array(a2, c1->x.ref_val, 1);
  return c2;
}

extern FILE*	nasl_trace_fp;

static tree_cell*
affect_to_anon_var(anon_nasl_var* v1, tree_cell* rval)
{
  anon_nasl_var	*v2 = NULL, v0;
  nasl_array	*a = NULL;
  int		t1, t2;
  void		*p;


  if ( v1 == NULL || v1 == FAKE_CELL )
	return NULL;

  t1 = v1->var_type;

  if (rval == NULL || rval == FAKE_CELL)
    {
#if NASL_DEBUG > 1
      nasl_perror(NULL, "nasl_affect: affecting NULL or FAKE cell undefines variable %s %s\n", get_var_name(v1), get_line_nb(rval));
#endif
      clear_anon_var(v1);
      if(nasl_trace_enabled())nasl_trace(NULL, "NASL> %s <- undef\n", get_var_name(v1));
      return NULL;
    }

  switch (rval->type)
    {
    case CONST_INT:
      t2 = VAR2_INT;
      break;
    case CONST_STR:
      t2 = VAR2_STRING;
      break;
    case CONST_DATA:
      t2 = VAR2_DATA;
      break;

    case REF_VAR:
      v2 = rval->x.ref_val;
      if (v2 == v1)
	{
#if NASL_DEBUG > 1
	  nasl_perror(NULL, "Copying variable %s to itself is useless and dangerous!\n", get_var_name(v1));
#endif
	  return FAKE_CELL;
	}
      t2 = v2->var_type;
      if (t2 == VAR2_ARRAY)
	a = &v2->v.v_arr;	/* ? */
      break;

    case REF_ARRAY:
    case DYN_ARRAY:
      a = rval->x.ref_val;
      t2 = VAR2_ARRAY;
      if (v1->var_type == VAR2_ARRAY && &v1->v.v_arr == a)
	{
#if NASL_DEBUG > 1
	  nasl_perror(NULL, "Copying array %s to itself is useless and dangerous!\n", get_var_name(v1));
#endif
	  return FAKE_CELL;
	}
      break;

    default:
      nasl_perror(NULL, "Cannot affect rvalue 0x%x to variable\n", rval->type);
      return NULL;
    }

  /*
   * Bug #146: when executing 
   *    x = 'abc'; x = x;  or   x = make_list(...); x = x[0];
   * the rvalue will be freed before it is copied to the lvalue
   */
  v0 = *v1;

  if (t1 != VAR2_UNDEF && t2 == VAR2_UNDEF)
    {
#if NASL_DEBUG > 0
      nasl_perror(NULL, "Warning: Undefining defined variable %s %s\n",
		  get_var_name(v1), get_line_nb(rval));
#endif
    }
  else if (t1 == VAR2_ARRAY && t2 != VAR2_ARRAY)
    {
#if NASL_DEBUG > 1
      nasl_perror(NULL, 
		  "Warning: affecting non array (0x%x) to array variable %s\n",
		  t2, get_line_nb(rval));
#endif
    }
  else if ((t1 == VAR2_INT || t1 == VAR2_STRING || t1 == VAR2_DATA) &&
	   t2 == VAR2_ARRAY)
    {
#if NASL_DEBUG > 1
      nasl_perror(NULL ,"Warning: affecting array to atomic variable (0x%x) %s\n",  t2, get_line_nb(rval));
#endif
    }

  /* Bug #146: this fake clear is necessary if we copy an array*/
  memset(v1, 0, sizeof(*v1));
  /* Bug #146: no risk with the type, we already copied it */
  v1->var_type = t2;

  if (rval->type != REF_VAR && rval->type != REF_ARRAY && rval->type != DYN_ARRAY)
    switch (t2)
      {
      case VAR2_INT:
	v1->v.v_int = rval->x.i_val;
	break;
      case VAR2_STRING:
      case VAR2_DATA:
        if( rval->x.str_val == NULL )
	  {
	    v1->v.v_str.s_val = NULL;
	    v1->v.v_str.s_siz = 0;
	  }
	else
	  {
	    p = emalloc(rval->size+1);
	    memcpy(p, rval->x.str_val, rval->size+1);
	    v1->v.v_str.s_siz = rval->size;
	    v1->v.v_str.s_val = p;
	  }
	break;
      }
  else				/* REF_xxx */
    switch(t2)
      {
      case VAR2_INT:
	v1->v.v_int = v2->v.v_int;
	break;
      case VAR2_STRING:
      case VAR2_DATA:
        if(v2->v.v_str.s_val == NULL)
	  {
	    v1->v.v_str.s_val = NULL;
	    v1->v.v_str.s_siz = 0;
	  }
	else
	  {
	    p = emalloc(v2->v.v_str.s_siz);
	    memcpy(p, v2->v.v_str.s_val, v2->v.v_str.s_siz);
	    v1->v.v_str.s_siz = v2->v.v_str.s_siz;
	    v1->v.v_str.s_val = p;
	  }
	break;
      case VAR2_ARRAY:
	copy_array(&v1->v.v_arr, a, 1);
#if 0
	/* MA 2004-08-13: I guess that the code changed somewhere some day and
	 * this part created a memory leak */
	if (v0.var_type == VAR2_ARRAY)
	  bzero(&v0, sizeof(v0));	/* So that we don't clear the variable twice */
#endif
	break;
      }

  if (nasl_trace_fp != NULL)
    switch(t2)
      {
      case VAR2_INT:
	nasl_trace(NULL, "NASL> %s <- %d\n", get_var_name(v1), v1->v.v_int);
	break;
      case VAR2_STRING:
      case VAR2_DATA:
	nasl_trace(NULL, "NASL> %s <- \"%s\"\n", get_var_name(v1), v1->v.v_str.s_val);
	break;
      case VAR2_ARRAY:
	nasl_trace(NULL, "NASL> %s <- (VAR2_ARRAY)\n", get_var_name(v1));
	break;
      default:
	nasl_trace(NULL, "NASL> %s <- (Type 0x%x)\n", get_var_name(v1), t2);
	break;
      }

  clear_anon_var(&v0);
  return FAKE_CELL;
}

tree_cell*
nasl_affect(tree_cell* lval, tree_cell* rval)
{
  anon_nasl_var	*v1 = NULL;
  
  if(lval == NULL)
  {
   nasl_perror(NULL, "nasl_effect: invalid lvalue\n");
   return NULL;
  }

  if (lval->type != REF_VAR)
    {
      nasl_perror(NULL, "nasl_affect: cannot affect to non variable %s\n",
	      nasl_type_name(lval->type));
      return NULL;
    }

  v1 = lval->x.ref_val;
  return affect_to_anon_var(v1, rval);
}

static named_nasl_var*
create_named_var(const char* name, tree_cell* val)
{
  named_nasl_var	*v = emalloc(sizeof(named_nasl_var));
  tree_cell		*tc;

  if (name != NULL)
    v->var_name = estrdup(name);

  if (val == NULL || val == FAKE_CELL)
    {
#if NASL_DEBUG > 1
      nasl_perror(NULL, "create_named_var: affecting NULL or FAKE cell to variable %s\n", get_var_name(v));
#endif
      v->u.var_type = VAR2_UNDEF;
      return v;
    }

  tc = affect_to_anon_var(&v->u, val);
  /* Here we might test the return value */
  deref_cell(tc);
  return v;
}

static anon_nasl_var*
create_anon_var(tree_cell* val)
{
  anon_nasl_var	*v = emalloc(sizeof(anon_nasl_var));
  tree_cell		*tc;

  if (val == NULL || val == FAKE_CELL)
    {
#if NASL_DEBUG > 1
      nasl_perror(NULL, "create_anon_var: affecting NULL or FAKE cell to variable %s\n", get_var_name(v));
#endif
      v->var_type = VAR2_UNDEF;
      return v;
    }

  tc = affect_to_anon_var(v, val);
  /* Here we might test the return value */
  deref_cell(tc);
  return v;
}

tree_cell* 
decl_local_variables(lex_ctxt* lexic, tree_cell* vars)
{
  tree_cell	*t;

  for (t = vars; t != NULL; t = t->link[0])
    if (t->x.str_val == NULL)
      nasl_perror(lexic, "decl_local_variables: null name!\n");
    else
      add_named_var_to_ctxt(lexic, t->x.str_val, NULL);
  return FAKE_CELL;
}

tree_cell*
decl_global_variables(lex_ctxt* lexic, tree_cell* vars)
{
  lex_ctxt	*c = lexic;

  while (c->up_ctxt != NULL)
    c = c->up_ctxt;
  return decl_local_variables(c, vars);
}

anon_nasl_var*
add_numbered_var_to_ctxt(lex_ctxt* lexic, int num, tree_cell* val)
{
  anon_nasl_var	*v;
  nasl_array		*a = &lexic->ctx_vars;

  if (a->max_idx > num)
    {
      v = a->num_elt[num];
      if (v != NULL && v->var_type != VAR2_UNDEF)
	{
	  if (val != NULL)
	    nasl_perror(lexic, "Cannot add existing variable %d\n", num);
#if NASL_DEBUG > 0
	  else
	    nasl_perror(lexic, "Will not clear existing variable %d\n", num);
#endif
	  return NULL;
	}
      free_anon_var(a->num_elt[num]);
    }
  else
    {
      a->num_elt = erealloc(a->num_elt, (num+1) * sizeof(anon_nasl_var));
      bzero(a->num_elt + a->max_idx, sizeof(anon_nasl_var*) * (num+1 - a->max_idx));
      a->max_idx = num + 1;
    }
  a->num_elt[num] = v = create_anon_var(val);
  return v;
}

named_nasl_var*
add_named_var_to_ctxt(lex_ctxt* lexic, const char* name, tree_cell* val)
{
  int			h = hash_str(name);
  named_nasl_var	*v;
  
  /* Duplicated code ? */
  for (v = lexic->ctx_vars.hash_elt[h]; v != NULL; v = v->next_var)
    if (v->var_name != NULL && strcmp(name, v->var_name) == 0)
      {
	if (val != NULL)
	  nasl_perror(lexic, "Cannot add existing variable %s\n", name);
#if NASL_DEBUG > 0
	else
	  nasl_perror(lexic, "Will not clear existing variable %s\n", name);
#endif
	return NULL;
      }
  v = create_named_var(name, val);
  if (v == NULL)
    return NULL;
  v->next_var = lexic->ctx_vars.hash_elt[h];
  lexic->ctx_vars.hash_elt[h] = v;
  return v;
}


tree_cell*
nasl_read_var_ref(lex_ctxt* lexic, tree_cell* tc)
{
  tree_cell	*ret;
  anon_nasl_var	*v;
#if NASL_DEBUG > 0
  const char		*name;
#endif

  if (tc == NULL || tc == FAKE_CELL)
    {
      nasl_perror(lexic, "nasl_read_var_ref: cannot read NULL or FAKE cell\n");
      return NULL;
    }
  if (tc->type != REF_VAR)
    {
      nasl_perror(lexic, "nasl_read_var_ref: argument (type=%d) is not REF_VAR %s\n", tc->type, get_line_nb(tc));
      return NULL;
    }

  v = tc->x.ref_val;
  if (v == NULL)
    {
#if NASL_DEBUG > 0
      nasl_perror(lexic, "nasl_read_var_ref: NULL variable in REF_VAR\n");
#endif
      return NULL;
    }

  ret = alloc_tree_cell(tc->line_nb, NULL);

  switch (v->var_type)
    {
    case VAR2_INT:
      ret->type = CONST_INT;
      ret->x.i_val = v->v.v_int;
      if(nasl_trace_enabled())nasl_trace(lexic, "NASL> %s -> %d\n", get_var_name(v), ret->x.i_val);
      return ret;

    case VAR2_STRING:
      ret->type = CONST_STR;
      /* Fix bad string length */
      if (v->v.v_str.s_siz <= 0 && v->v.v_str.s_val[0] != '\0')
	{
	  v->v.v_str.s_siz = strlen((char*)v->v.v_str.s_val);
	  nasl_perror(lexic, "nasl_read_var_ref: Bad string length fixed\n");
	}
      /* Go on next case */
    case VAR2_DATA:
      ret->type = v->var_type == VAR2_STRING ? CONST_STR : CONST_DATA;
      if(v->v.v_str.s_val == NULL)
      {
       ret->x.str_val = NULL;
       ret->size = 0;
      }
      else
      {
       ret->x.str_val = emalloc(v->v.v_str.s_siz);
       memcpy(ret->x.str_val, v->v.v_str.s_val, v->v.v_str.s_siz);
       ret->size = v->v.v_str.s_siz;
      }
      if(nasl_trace_enabled())nasl_trace(lexic, "NASL> %s -> \"%s\"\n", get_var_name(v), ret->x.str_val);
      return ret;

    case VAR2_ARRAY:
      ret->type = REF_ARRAY;
      ret->x.ref_val = &v->v.v_arr;
      return ret;

    case VAR2_UNDEF:
#if NASL_DEBUG > 0
      name = get_var_name(v);
      if (strcmp(name, "NULL") != 0) /* special case */
	nasl_perror(lexic, "nasl_read_var_ref: variable %s is undefined %s\n",
		    name, get_line_nb(tc));
#endif
      if(nasl_trace_enabled())nasl_trace(lexic, "NASL> %s -> undef\n", get_var_name(v), v->var_type);
      break;

    default:
      nasl_perror(lexic, "nasl_read_var_ref: unhandled variable type %d\n",
	      v->var_type);
      if(nasl_trace_enabled())nasl_trace(lexic, "NASL> %s -> ???? (Var type %d)\n", get_var_name(v), v->var_type);
      break;
    }
  deref_cell(ret);
  return NULL;
}


tree_cell*
nasl_incr_variable(lex_ctxt* lexic, tree_cell* tc, int pre, int val)
{
  anon_nasl_var	*v;
  int		old_val = 0, new_val;
  tree_cell	*retc;

  if (tc->type != REF_VAR)
    {
      nasl_perror(lexic,
	      "nasl_incr_variable: argument (type=%d) is not REF_VAR %s\n",
	      tc->type, get_line_nb(tc));
      return NULL;
    }

  v = tc->x.ref_val;

  switch (v->var_type)
    {
    case VAR2_INT:
      old_val = v->v.v_int;
      break;
    case VAR2_STRING:
    case VAR2_DATA:
#if NASL_DEBUG > 0