Error whilst running specific nasl scripts

During scans, two different nasl scripts yield errors:

  1. lib nasl: …17270 (/usr/local/var/lib/openvas/plugins/gb_jdwp_detect.nasl:86) close(-1): Invalid socket value

  2. lib nasl: … 25133 (/usr/local/var/lib/openvas/plugins/sapdb_detect.nasl:65) Usage: substr(string, idx_start [,idx_end]). The given string is NULL

I am not sure if this is a problem with the gb_jdwp_detect.nasl and sapdb_detect.nasl scripts, openvas, or perhaps a library with a wrong version.

Any idea?

GVM versions

gvm: 9.0.1
openvas-scanner: 7.0.1
gvm-libs: 11.0.1


Operating system: Debian Buster

Thanks for this posting / providing this information. These messages are indeed caused by those two NASL scripts and not originating from some issues in GVM / the scanner so i have moved it into the Vulnerability Tests category.

Some background on both messages:

This is basically caused by a VT doing something like e.g.:

soc = open_sock_tcp(port);
close(sock); # Using sock instead of soc

This is nothing severe because the scanner will close such sockets opened by a NASL script on termination of that script anyway. But still NASL scripts should make sure to close all sockets as early as possible.

In this case the message is caused by something like e.g.:

send(socket:soc, data:req);
res = recv(socket:soc, length:64);

if(substr(res, 0, 6) == hex2raw(s:"40000000035c00")) {

Again this is nothing severe because substr() is just a little bit more verbose if too short data is passed. Basically a VT needs to do something like e.g. the following below before passing any data to substr():

if(!res || strlen(res) < 7)

Both message didn’t affected the functionality of these tests or the scan itself. Nonetheless such messages should be avoided where possible and an update to both NASL scripts will be published in the feeds in the next few days.

Thanks again for your report.

1 Like

Thank you cfi!
You didn’t have to explain so much but I really appreciate that you did.
I would be glad to fix these but I believe that NVTs are managed by Greenbone alone.


1 Like