OpenVAS Scanner  22.7.9
exec.c
Go to the documentation of this file.
1 /* SPDX-FileCopyrightText: 2023 Greenbone AG
2  * SPDX-FileCopyrightText: 2002-2004 Tenable Network Security
3  *
4  * SPDX-License-Identifier: GPL-2.0-only
5  */
6 
7 #define _GNU_SOURCE
8 
9 #include "exec.h"
10 
11 #include "../misc/plugutils.h"
12 #include "lint.h"
13 #include "nasl.h"
14 #include "nasl_debug.h"
15 #include "nasl_func.h"
16 #include "nasl_global_ctxt.h"
17 #include "nasl_init.h"
18 #include "nasl_lex_ctxt.h"
19 #include "nasl_tree.h"
20 #include "nasl_var.h"
21 
22 #include <errno.h> /* for errno */
23 #include <glib.h> /* for g_get_current_dir and others */
24 #include <glib/gstdio.h> /* for g_chdir */
25 #include <gvm/base/logging.h>
26 #include <gvm/base/prefs.h> /* for prefs_get */
27 #include <gvm/util/nvticache.h> /* for nvticache_get_kb */
28 #include <regex.h>
29 #include <stdlib.h> /* for srand48 */
30 #include <string.h> /* for strlen */
31 #include <string.h> /* for memmem */
32 #include <unistd.h> /* for getpid */
33 
34 #undef G_LOG_DOMAIN
35 
38 #define G_LOG_DOMAIN "lib nasl"
39 
40 extern int
41 naslparse (naslctxt *, int *);
42 
43 static int
45 {
46  tree_cell *c2;
47  int flag;
48 
49  if (c == NULL || c == FAKE_CELL)
50  return 0;
51 
52  switch (c->type)
53  {
54  case CONST_INT:
55  return c->x.i_val != 0;
56 
57  case CONST_STR:
58  case CONST_DATA:
59  return c->size != 0;
60 
61  case REF_ARRAY:
62  case DYN_ARRAY:
63  /*nasl_perror(lexic, "cell2bool: converting array to boolean does not make
64  * sense!\n"); */
65  return 1;
66 
67  default:
68  c2 = nasl_exec (lexic, c);
69  flag = cell2bool (lexic, c2);
70  deref_cell (c2);
71  return flag;
72  }
73 }
74 
75 static long int
76 cell2int3 (lex_ctxt *lexic, tree_cell *c, int warn, named_nasl_var *v)
77 {
78  tree_cell *c2 = NULL;
79  long int x;
80  char *p = NULL;
81 
82  if (c == NULL || c == FAKE_CELL) /* Do not SEGV on undefined variables */
83  return 0;
84 
85  switch (c->type)
86  {
87  case CONST_INT:
88  return c->x.i_val;
89 
90  case CONST_STR:
91  case CONST_DATA:
92  x = strtol (c->x.str_val, &p, 0);
93  if (*p != '\0' && warn)
94  if (warn)
95  {
96  if (v)
97  nasl_perror (lexic,
98  "Converting the non numeric string '%s' in variable "
99  "'%s' to integer does not make sense in this "
100  "context",
101  c->x.str_val,
102  v->var_name != NULL ? v->var_name : "(null)");
103  else
104  nasl_perror (lexic,
105  "Converting the non numeric string '%s' to "
106  "integer does not make sense in this context",
107  c->x.str_val);
108  }
109  return x;
110 
111  case REF_VAR:
112  v = c->x.ref_val;
113  /* fallthrough */
114 
115  default:
116  c2 = nasl_exec (lexic, c);
117  x = cell2int3 (lexic, c2, warn, v);
118  deref_cell (c2);
119  return x;
120  }
121 }
122 
123 static long int
125 {
126  return cell2int3 (lexic, c, 0, NULL);
127 }
128 
129 static long int
131 {
132  return cell2int3 (lexic, c, 1, NULL);
133 }
134 
135 static tree_cell *
136 int2cell (long int x)
137 {
138  tree_cell *c = alloc_expr_cell (0, CONST_INT, NULL, NULL);
139  c->x.i_val = x;
140  return c;
141 }
142 
143 static tree_cell *
144 bool2cell (long int x)
145 {
146  return int2cell (x != 0);
147 }
148 
149 static char *
151 {
152  char *p;
153  tree_cell *c2;
154  nasl_array *a;
155 
156  if (c == NULL || c == FAKE_CELL)
157  return NULL;
158 
159  switch (c->type)
160  {
161  case CONST_INT:
162  return g_strdup_printf ("%ld", c->x.i_val);
163 
164  case CONST_STR:
165  case CONST_DATA:
166  if (c->x.str_val == NULL)
167  p = g_strdup ("");
168  else
169  {
170  p = g_malloc0 (c->size + 1);
171  memcpy (p, c->x.str_val, c->size);
172  }
173  return p;
174 
175  case REF_ARRAY:
176  case DYN_ARRAY:
177  a = c->x.ref_val;
178  return array2str (a);
179 
180  default:
181  c2 = nasl_exec (lexic, c);
182  p = cell2str (lexic, c2);
183  deref_cell (c2);
184  if (p == NULL)
185  p = g_strdup ("");
186  return p;
187  }
188 }
189 
193 tree_cell *
195 {
196  tree_cell *c2 = NULL, *ret = NULL;
197  if (c1 == NULL || c1 == FAKE_CELL)
198  return c1;
199 
200  switch (c1->type)
201  {
202  case CONST_INT:
203  case CONST_STR:
204  case CONST_DATA:
205  case REF_ARRAY:
206  case DYN_ARRAY:
207  ref_cell (c1);
208  return c1;
209  default:
210  c2 = nasl_exec (lexic, c1);
211  ret = cell2atom (lexic, c2);
212  deref_cell (c2);
213  return ret;
214  }
215 }
216 
217 long int
219 {
220  int flag, typ, typ1, typ2;
221  long int x1, x2;
222  char *s1, *s2;
223  int len_s1, len_s2, len_min;
224 
225  if (c1 == NULL || c1 == FAKE_CELL)
226  nasl_perror (lexic, "cell_cmp: c1 == NULL !\n");
227  if (c2 == NULL || c2 == FAKE_CELL)
228  nasl_perror (lexic, "cell_cmp: c2 == NULL !\n");
229 
230  /* We first convert the cell to atomic types. */
231  c1 = cell2atom (lexic, c1);
232  c2 = cell2atom (lexic, c2);
233 
234  /*
235  * Comparing anything to something else which is entirely different
236  * may lead to unpredictable results.
237  * Here are the rules:
238  * 1. No problem with same types, although we do not compare arrays yet
239  * 2. No problem with CONST_DATA / CONST_STR
240  * 3. When an integer is compared to a string, the integer is converted
241  * 4. When NULL is compared to an integer, it is converted to 0
242  * 5. When NULL is compared to a string, it is converted to ""
243  * 6. NULL is "smaller" than anything else (i.e. an array)
244  * Anything else is an error
245  */
246  typ1 = cell_type (c1);
247  typ2 = cell_type (c2);
248 
249  if (typ1 == 0 && typ2 == 0) /* Two NULL */
250  {
251  deref_cell (c1);
252  deref_cell (c2);
253  return 0;
254  }
255 
256  if (typ1 == typ2) /* Same type, no problem */
257  typ = typ1;
258  else if ((typ1 == CONST_DATA || typ1 == CONST_STR)
259  && (typ2 == CONST_DATA || typ2 == CONST_STR))
260  typ = CONST_DATA; /* Same type in fact (string) */
261  /* We convert an integer into a string before compare */
262  else if ((typ1 == CONST_INT && (typ2 == CONST_DATA || typ2 == CONST_STR))
263  || (typ2 == CONST_INT && (typ1 == CONST_DATA || typ1 == CONST_STR)))
264  typ = CONST_DATA;
265  else if (typ1 == 0) /* 1st argument is null */
266  if (typ2 == CONST_INT || typ2 == CONST_DATA || typ2 == CONST_STR)
267  typ = typ2; /* We convert it to 0 or "" */
268  else
269  {
270  deref_cell (c1);
271  deref_cell (c2);
272  return -1; /* NULL is smaller than anything else */
273  }
274  else if (typ2 == 0) /* 2nd argument is null */
275  if (typ1 == CONST_INT || typ1 == CONST_DATA || typ1 == CONST_STR)
276  typ = typ1; /* We convert it to 0 or "" */
277  else
278  {
279  deref_cell (c1);
280  deref_cell (c2);
281  return 1; /* Anything else is greater than NULL */
282  }
283  else
284  {
285  gchar *n1, *n2;
286 
287  n1 = cell2str (lexic, c1);
288  n2 = cell2str (lexic, c2);
289  nasl_perror (lexic,
290  "cell_cmp: comparing '%s' of type %s and '%s' of "
291  "type %s does not make sense\n",
292  n1, nasl_type_name (typ1), n2, nasl_type_name (typ2));
293  g_free (n1);
294  g_free (n2);
295  deref_cell (c1);
296  deref_cell (c2);
297  return 0;
298  }
299 
300  switch (typ)
301  {
302  case CONST_INT:
303  x1 = cell2int (lexic, c1);
304  x2 = cell2int (lexic, c2);
305  deref_cell (c1);
306  deref_cell (c2);
307  return x1 - x2;
308 
309  case CONST_STR:
310  case CONST_DATA:
311  s1 = cell2str (lexic, c1);
312  if (typ1 == CONST_STR || typ1 == CONST_DATA)
313  len_s1 = c1->size;
314  else if (s1 == NULL)
315  len_s1 = 0;
316  else
317  len_s1 = strlen (s1);
318 
319  s2 = cell2str (lexic, c2);
320  if (typ2 == CONST_STR || typ2 == CONST_DATA)
321  len_s2 = c2->size;
322  else if (s2 == NULL)
323  len_s2 = 0;
324  else
325  len_s2 = strlen (s2);
326 
327  len_min = len_s1 < len_s2 ? len_s1 : len_s2;
328  flag = 0;
329 
330  if (len_min > 0)
331  flag = memcmp (s1, s2, len_min);
332  if (flag == 0)
333  flag = len_s1 - len_s2;
334 
335  g_free (s1);
336  g_free (s2);
337  deref_cell (c1);
338  deref_cell (c2);
339  return flag;
340 
341  case REF_ARRAY:
342  case DYN_ARRAY:
343  g_message ("cell_cmp: cannot compare arrays yet");
344  deref_cell (c1);
345  deref_cell (c2);
346  return 0;
347 
348  default:
349  g_message ("cell_cmp: don't known how to compare %s and %s",
350  nasl_type_name (typ1), nasl_type_name (typ2));
351  deref_cell (c1);
352  deref_cell (c2);
353  return 0;
354  }
355 }
356 
357 FILE *nasl_trace_fp = NULL;
358 
359 lex_ctxt *truc = NULL;
360 
361 static void
362 nasl_dump_expr (FILE *fp, const tree_cell *c)
363 {
364  if (c == NULL)
365  fprintf (fp, "NULL");
366  else if (c == FAKE_CELL)
367  fprintf (fp, "FAKE");
368  else
369  switch (c->type)
370  {
371  case NODE_VAR:
372  fprintf (fp, "%s", c->x.str_val);
373  break;
374  case EXPR_AND:
375  fprintf (fp, "(");
376  nasl_dump_expr (fp, c->link[0]);
377  fprintf (fp, ") && (");
378  nasl_dump_expr (fp, c->link[1]);
379  fprintf (fp, ")");
380  break;
381  case EXPR_OR:
382  fprintf (fp, "(");
383  nasl_dump_expr (fp, c->link[0]);
384  fprintf (fp, ") || (");
385  nasl_dump_expr (fp, c->link[1]);
386  fprintf (fp, ")");
387  break;
388  case EXPR_NOT:
389  fprintf (fp, "! (");
390  nasl_dump_expr (fp, c->link[0]);
391  fprintf (fp, ")");
392  break;
393  case EXPR_PLUS:
394  fprintf (fp, "(");
395  nasl_dump_expr (fp, c->link[0]);
396  fprintf (fp, ") + (");
397  nasl_dump_expr (fp, c->link[1]);
398  fprintf (fp, ")");
399  break;
400  case EXPR_MINUS:
401  fprintf (fp, "(");
402  nasl_dump_expr (fp, c->link[0]);
403  fprintf (fp, ") - (");
404  nasl_dump_expr (fp, c->link[1]);
405  fprintf (fp, ")");
406  break;
407 
408  case EXPR_INCR:
409  if (c->link[0] == NULL)
410  {
411  fprintf (fp, " ++");
412  nasl_dump_expr (fp, c->link[1]);
413  }
414  else
415  {
416  nasl_dump_expr (fp, c->link[0]);
417  fprintf (fp, "++ ");
418  }
419  break;
420  case EXPR_DECR:
421  if (c->link[0] == NULL)
422  {
423  fprintf (fp, " --");
424  nasl_dump_expr (fp, c->link[1]);
425  }
426  else
427  {
428  nasl_dump_expr (fp, c->link[0]);
429  fprintf (fp, "-- ");
430  }
431  break;
432 
434  case EXPR_EXPO:
435  fprintf (fp, "(");
436  nasl_dump_expr (fp, c->link[0]);
437  fprintf (fp, ") ** (");
438  nasl_dump_expr (fp, c->link[1]);
439  fprintf (fp, ")");
440  break;
441 
442  case EXPR_U_MINUS:
443  fprintf (fp, " - (");
444  nasl_dump_expr (fp, c->link[0]);
445  fprintf (fp, ")");
446  break;
447 
448  case EXPR_MULT:
449  fprintf (fp, "(");
450  nasl_dump_expr (fp, c->link[0]);
451  fprintf (fp, ") * (");
452  nasl_dump_expr (fp, c->link[1]);
453  fprintf (fp, ")");
454  break;
455  case EXPR_DIV:
456  fprintf (fp, "(");
457  nasl_dump_expr (fp, c->link[0]);
458  fprintf (fp, ") / (");
459  nasl_dump_expr (fp, c->link[1]);
460  fprintf (fp, ")");
461  break;
462  case EXPR_MODULO:
463  fprintf (fp, "(");
464  nasl_dump_expr (fp, c->link[0]);
465  fprintf (fp, ") %% (");
466  nasl_dump_expr (fp, c->link[1]);
467  fprintf (fp, ")");
468  break;
469  case EXPR_BIT_AND:
470  fprintf (fp, "(");
471  nasl_dump_expr (fp, c->link[0]);
472  fprintf (fp, ") & (");
473  nasl_dump_expr (fp, c->link[1]);
474  fprintf (fp, ")");
475  break;
476  case EXPR_BIT_OR:
477  fprintf (fp, "(");
478  nasl_dump_expr (fp, c->link[0]);
479  fprintf (fp, ") | (");
480  nasl_dump_expr (fp, c->link[1]);
481  fprintf (fp, ")");
482  break;
483  case EXPR_BIT_XOR:
484  fprintf (fp, "(");
485  nasl_dump_expr (fp, c->link[0]);
486  fprintf (fp, ") ^ (");
487  nasl_dump_expr (fp, c->link[1]);
488  fprintf (fp, ")");
489  break;
490  case EXPR_BIT_NOT:
491  fprintf (fp, "~ (");
492  nasl_dump_expr (fp, c->link[0]);
493  fprintf (fp, ")");
494  break;
495  case EXPR_L_SHIFT:
496  fprintf (fp, "(");
497  nasl_dump_expr (fp, c->link[0]);
498  fprintf (fp, ") << (");
499  nasl_dump_expr (fp, c->link[1]);
500  fprintf (fp, ")");
501  break;
502  case EXPR_R_SHIFT:
503  fprintf (fp, "(");
504  nasl_dump_expr (fp, c->link[0]);
505  fprintf (fp, ") >> (");
506  nasl_dump_expr (fp, c->link[1]);
507  fprintf (fp, ")");
508  break;
509  case EXPR_R_USHIFT:
510  fprintf (fp, "(");
511  nasl_dump_expr (fp, c->link[0]);
512  fprintf (fp, ") >>> (");
513  nasl_dump_expr (fp, c->link[1]);
514  fprintf (fp, ")");
515  break;
516  case COMP_MATCH:
517  nasl_dump_expr (fp, c->link[0]);
518  fprintf (fp, " >< ");
519  nasl_dump_expr (fp, c->link[1]);
520  break;
521  case COMP_NOMATCH:
522  nasl_dump_expr (fp, c->link[0]);
523  fprintf (fp, " >!< ");
524  nasl_dump_expr (fp, c->link[1]);
525  break;
526 
527  case COMP_RE_MATCH:
528  nasl_dump_expr (fp, c->link[0]);
529  fprintf (fp, " =~ ");
530  nasl_dump_expr (fp, c->link[1]);
531  break;
532 
533  case COMP_RE_NOMATCH:
534  nasl_dump_expr (fp, c->link[0]);
535  fprintf (fp, " !~ ");
536  nasl_dump_expr (fp, c->link[1]);
537  break;
538 
539  case COMP_LT:
540  nasl_dump_expr (fp, c->link[0]);
541  fprintf (fp, " < ");
542  nasl_dump_expr (fp, c->link[1]);
543  break;
544  case COMP_LE:
545  nasl_dump_expr (fp, c->link[0]);
546  fprintf (fp, " <= ");
547  nasl_dump_expr (fp, c->link[1]);
548  break;
549  case COMP_GT:
550  nasl_dump_expr (fp, c->link[0]);
551  fprintf (fp, " > ");
552  nasl_dump_expr (fp, c->link[1]);
553  break;
554  case COMP_GE:
555  nasl_dump_expr (fp, c->link[0]);
556  fprintf (fp, " >= ");
557  nasl_dump_expr (fp, c->link[1]);
558  break;
559  case COMP_EQ:
560  nasl_dump_expr (fp, c->link[0]);
561  fprintf (fp, " == ");
562  nasl_dump_expr (fp, c->link[1]);
563  break;
564  case CONST_INT:
565  fprintf (fp, "%ld", c->x.i_val);
566  break;
567  case CONST_STR:
568  case CONST_DATA:
569  fprintf (fp, "\"%s\"", c->x.str_val);
570  break;
571 
572  case NODE_ARRAY_EL:
573  fprintf (fp, "%s[", c->x.str_val);
574  nasl_dump_expr (fp, c->link[0]);
575  fprintf (fp, "]");
576  break;
577 
578  case NODE_FUN_CALL:
579  fprintf (fp, "%s(...)", c->x.str_val);
580  break;
581 
582  case NODE_AFF:
583  nasl_dump_expr (fp, c->link[0]);
584  putc ('=', fp);
585  nasl_dump_expr (fp, c->link[1]);
586  break;
587 
588  case NODE_PLUS_EQ:
589  nasl_dump_expr (fp, c->link[0]);
590  fprintf (fp, "+= (");
591  nasl_dump_expr (fp, c->link[1]);
592  fprintf (fp, ")");
593  break;
594 
595  case NODE_MINUS_EQ:
596  nasl_dump_expr (fp, c->link[0]);
597  fprintf (fp, "-= (");
598  nasl_dump_expr (fp, c->link[1]);
599  fprintf (fp, ")");
600  break;
601 
602  case NODE_MULT_EQ:
603  nasl_dump_expr (fp, c->link[0]);
604  fprintf (fp, "*= (");
605  nasl_dump_expr (fp, c->link[1]);
606  fprintf (fp, ")");
607  break;
608 
609  case NODE_DIV_EQ:
610  nasl_dump_expr (fp, c->link[0]);
611  fprintf (fp, "/= (");
612  nasl_dump_expr (fp, c->link[1]);
613  fprintf (fp, ")");
614  break;
615 
616  case NODE_MODULO_EQ:
617  nasl_dump_expr (fp, c->link[0]);
618  fprintf (fp, "%%= (");
619  nasl_dump_expr (fp, c->link[1]);
620  fprintf (fp, ")");
621  break;
622 
623  case NODE_L_SHIFT_EQ:
624  nasl_dump_expr (fp, c->link[0]);
625  fprintf (fp, " <<= (");
626  nasl_dump_expr (fp, c->link[1]);
627  fprintf (fp, ")");
628  break;
629 
630  case NODE_R_SHIFT_EQ:
631  nasl_dump_expr (fp, c->link[0]);
632  fprintf (fp, " >>= (");
633  nasl_dump_expr (fp, c->link[1]);
634  fprintf (fp, ")");
635  break;
636 
637  case NODE_R_USHIFT_EQ:
638  nasl_dump_expr (fp, c->link[0]);
639  fprintf (fp, " >>>= (");
640  nasl_dump_expr (fp, c->link[1]);
641  fprintf (fp, ")");
642  break;
643 
644  default:
645  fprintf (fp, "*%d*", c->type);
646  break;
647  }
648 }
649 
650 static void
651 nasl_short_dump (FILE *fp, const tree_cell *c)
652 {
653  if (c == NULL || c == FAKE_CELL)
654  return;
655 
656  switch (c->type)
657  {
658  case NODE_IF_ELSE:
659  fprintf (fp, "NASL:%04d> if (", c->line_nb);
660  nasl_dump_expr (fp, c->link[0]);
661  fprintf (fp, ") { ... }");
662  if (c->link[2] != NULL)
663  fprintf (fp, " else { ... }");
664  putc ('\n', fp);
665  break;
666 
667  case NODE_FOR:
668  fprintf (fp, "NASL:%04d> for (", c->line_nb);
669  nasl_dump_expr (fp, c->link[0]);
670  fprintf (fp, "; ");
671  nasl_dump_expr (fp, c->link[1]);
672  fprintf (fp, "; ");
673  nasl_dump_expr (fp, c->link[2]);
674  fprintf (fp, ") { ... }\n");
675  break;
676 
677  case NODE_WHILE:
678  fprintf (fp, "NASL:%04d> while (", c->line_nb);
679  nasl_dump_expr (fp, c->link[0]);
680  fprintf (fp, ") { ... }\n");
681  break;
682 
683  case NODE_FOREACH:
684  fprintf (fp, "NASL:%04d> foreach %s (", c->line_nb, c->x.str_val);
685  nasl_dump_expr (fp, c->link[0]);
686  fprintf (fp, ") { ... }\n");
687  break;
688 
689  case NODE_REPEAT_UNTIL:
690  fprintf (fp, "NASL:%04d> repeat { ... } until (", c->line_nb);
691  nasl_dump_expr (fp, c->link[0]);
692  fprintf (fp, ")\n");
693  break;
694 
695  case NODE_REPEATED:
696  fprintf (fp, "NASL:%04d> ... x ", c->line_nb);
697  nasl_dump_expr (fp, c->link[1]);
698  putc ('\n', fp);
699  break;
700 
701  case NODE_RETURN:
702  fprintf (fp, "NASL:%04d> return ", c->line_nb);
703  nasl_dump_expr (fp, c->link[0]);
704  fprintf (fp, ";\n");
705  break;
706 
707  case NODE_BREAK:
708  fprintf (fp, "NASL:%04d> break\n", c->line_nb);
709  break;
710 
711  case NODE_CONTINUE:
712  fprintf (fp, "NASL:%04d> continue\n", c->line_nb);
713  break;
714 
715  case NODE_AFF:
716  case NODE_PLUS_EQ:
717  case NODE_MINUS_EQ:
718  case NODE_MULT_EQ:
719  case NODE_DIV_EQ:
720  case NODE_MODULO_EQ:
721  case NODE_R_SHIFT_EQ:
722  case NODE_R_USHIFT_EQ:
723  case NODE_L_SHIFT_EQ:
724  fprintf (fp, "NASL:%04d> ", c->line_nb);
725  nasl_dump_expr (fp, c);
726  fprintf (fp, ";\n");
727  break;
728 
729  case NODE_FUN_CALL:
730  fprintf (fp, "NASL:%04d> %s(...)\n", c->line_nb, c->x.str_val);
731  break;
732 
733  case NODE_LOCAL:
734  fprintf (fp, "NASL:%04d> local_var ...\n", c->line_nb);
735  break;
736 
737  case NODE_GLOBAL:
738  fprintf (fp, "NASL:%04d> global_var ...\n", c->line_nb);
739  break;
740  }
741 }
742 
744 static long int
745 expo (long int x, long int y)
746 {
747  long int z;
748 
749  if (y == 0)
750  return 1;
751  else if (y < 0)
752  if (x == 1)
753  return 1;
754  else
755  return 0;
756  else if (y == 1)
757  return x;
758 
759  z = expo (x, y / 2);
760  if (y % 2 == 0)
761  return z * z;
762  else
763  return x * z * z;
764 }
765 
769 tree_cell *
771 {
772  tree_cell *ret = NULL, *ret2 = NULL, *tc1 = NULL, *tc2 = NULL, *tc3 = NULL,
773  *idx = NULL, *args;
774  int flag, z;
775  char *s1 = NULL, *s2 = NULL, *s3 = NULL, *p = NULL;
776  char *p1, *p2;
777  int len1, len2;
778  nasl_func *pf = NULL;
779  long int x, y, n;
780  int i, lint_mode = 0;
781 
782  if (st)
783  if (st->line_nb != 0)
784  lexic->line_nb = st->line_nb;
785  /* return */
786  if (lexic->ret_val != NULL)
787  {
788  ref_cell (lexic->ret_val);
789  return lexic->ret_val;
790  }
791 
792  /* break or continue */
793  if (lexic->break_flag || lexic->cont_flag)
794  return FAKE_CELL;
795 
796  if (st == FAKE_CELL)
797  return FAKE_CELL;
798 
799  if (st == NULL)
800  {
801  return NULL;
802  }
803 
804  if (nasl_trace_fp != NULL)
806 
807  switch (st->type)
808  {
809  case NODE_IF_ELSE:
810  ret = nasl_exec (lexic, st->link[0]);
811 #ifdef STOP_AT_FIRST_ERROR
812  if (ret == NULL)
813  return NULL;
814 #endif
815  if (cell2bool (lexic, ret))
816  ret2 = nasl_exec (lexic, st->link[1]);
817  else if (st->link[2] != NULL) /* else branch */
818  ret2 = nasl_exec (lexic, st->link[2]);
819  else /* No else */
820  ret2 = FAKE_CELL;
821  deref_cell (ret);
822  return ret2;
823 
824  case NODE_INSTR_L: /* Block. [0] = first instr, [1] = tail */
825  ret = nasl_exec (lexic, st->link[0]);
826  if (st->link[1] == NULL || lexic->break_flag || lexic->cont_flag)
827  return ret;
828  deref_cell (ret);
829  ret = nasl_exec (lexic, st->link[1]);
830  return ret;
831 
832  case NODE_FOR:
833  /* [0] = start expr, [1] = cond, [2] = end_expr, [3] = block */
834  ret2 = nasl_exec (lexic, st->link[0]);
835 #ifdef STOP_AT_FIRST_ERROR
836  if (ret2 == NULL)
837  return NULL;
838 #endif
839  deref_cell (ret2);
840  for (;;)
841  {
842  /* Break the loop if 'return' */
843  if (lexic->ret_val != NULL)
844  {
845  ref_cell (lexic->ret_val);
846  return lexic->ret_val;
847  }
848 
849  /* condition */
850  if ((ret = nasl_exec (lexic, st->link[1])) == NULL)
851  return NULL; /* We can return here, as NULL is false */
852  flag = cell2bool (lexic, ret);
853  deref_cell (ret);
854  if (!flag)
855  break;
856  /* block */
857  ret = nasl_exec (lexic, st->link[3]);
858 #ifdef STOP_AT_FIRST_ERROR
859  if (ret == NULL)
860  return NULL;
861 #endif
862  deref_cell (ret);
863 
864  /* break */
865  if (lexic->break_flag)
866  {
867  lexic->break_flag = 0;
868  return FAKE_CELL;
869  }
870 
871  lexic->cont_flag = 0; /* No need to test if set */
872 
873  /* end expression */
874  ret = nasl_exec (lexic, st->link[2]);
875 #ifdef STOP_AT_FIRST_ERROR
876  if (ret == NULL)
877  return NULL;
878 #endif
879  deref_cell (ret);
880  }
881  return FAKE_CELL;
882 
883  case NODE_WHILE:
884  /* [0] = cond, [1] = block */
885  for (;;)
886  {
887  /* return? */
888  if (lexic->ret_val != NULL)
889  {
890  ref_cell (lexic->ret_val);
891  return lexic->ret_val;
892  }
893  /* Condition */
894  if ((ret = nasl_exec (lexic, st->link[0])) == NULL)
895  return NULL; /* NULL is false */
896  flag = cell2bool (lexic, ret);
897  deref_cell (ret);
898  if (!flag)
899  break;
900  /* Block */
901  ret = nasl_exec (lexic, st->link[1]);
902 #ifdef STOP_AT_FIRST_ERROR
903  if (ret == NULL)
904  return NULL;
905 #endif
906  deref_cell (ret);
907 
908  /* break */
909  if (lexic->break_flag)
910  {
911  lexic->break_flag = 0;
912  return FAKE_CELL;
913  }
914  lexic->cont_flag = 0;
915  }
916  return FAKE_CELL;
917 
918  case NODE_REPEAT_UNTIL:
919  /* [0] = block, [1] = cond */
920  for (;;)
921  {
922  /* return? */
923  if (lexic->ret_val != NULL)
924  {
925  ref_cell (lexic->ret_val);
926  return lexic->ret_val;
927  }
928  /* Block */
929  ret = nasl_exec (lexic, st->link[0]);
930 #ifdef STOP_AT_FIRST_ERROR
931  if (ret == NULL)
932  return NULL;
933 #endif
934  deref_cell (ret);
935 
936  /* break */
937  if (lexic->break_flag)
938  {
939  lexic->break_flag = 0;
940  return FAKE_CELL;
941  }
942  lexic->cont_flag = 0;
943 
944  /* Condition */
945  ret = nasl_exec (lexic, st->link[1]);
946 #ifdef STOP_AT_FIRST_ERROR
947  if (ret == NULL)
948  return NULL;
949 #endif
950  flag = cell2bool (lexic, ret);
951  deref_cell (ret);
952  if (flag)
953  break;
954  }
955  return FAKE_CELL;
956 
957  case NODE_FOREACH:
958  /* str_val = index name, [0] = array, [1] = block */
959  {
960  nasl_iterator ai;
961  tree_cell *v, *a, *val;
962 
963  v = get_variable_by_name (lexic, st->x.str_val);
964  if (v == NULL)
965  return NULL; /* We cannot go on if we have no variable to iterate */
966  a = nasl_exec (lexic, st->link[0]);
967  ai = nasl_array_iterator (lexic, a);
968  while ((val = nasl_iterate_array (&ai)) != NULL)
969  {
970  tc1 = nasl_affect (v, val);
971  ret = nasl_exec (lexic, st->link[1]);
972  deref_cell (val);
973  deref_cell (tc1);
974 #ifdef STOP_AT_FIRST_ERROR
975  if (ret == NULL)
976  break;
977 #endif
978  deref_cell (ret);
979 
980  /* return */
981  if (lexic->ret_val != NULL)
982  break;
983  /* break */
984  if (lexic->break_flag)
985  {
986  lexic->break_flag = 0;
987  break;
988  }
989  lexic->cont_flag = 0;
990  }
991  free_array (ai.a);
992  g_free (ai.a);
993  deref_cell (a);
994  deref_cell (v);
995  }
996  return FAKE_CELL;
997 
998  case NODE_FUN_DEF:
999  /* x.str_val = function name, [0] = argdecl, [1] = block */
1000  /* 3rd arg is only for lint. Hier is always 0 */
1001  ret = decl_nasl_func (lexic, st, lint_mode);
1002  return ret;
1003 
1004  case NODE_FUN_CALL:
1005  pf = get_func_ref_by_name (lexic, st->x.str_val);
1006  if (pf == NULL)
1007  {
1008  nasl_perror (lexic, "Undefined function '%s'\n", st->x.str_val);
1009  return NULL;
1010  }
1011  args = st->link[0];
1012  ret = nasl_func_call (lexic, pf, args);
1013  return ret;
1014 
1015  case NODE_REPEATED:
1016  n = cell2intW (lexic, st->link[1]);
1017  if (n <= 0)
1018  return NULL;
1019 
1020 #ifdef STOP_AT_FIRST_ERROR
1021  for (tc1 = NULL, i = 1; i <= n; i++)
1022  {
1023  deref_cell (tc1);
1024  if ((tc1 = nasl_exec (lexic, st->link[0])) == NULL)
1025  return NULL;
1026  }
1027  return tc1;
1028 #else
1029  for (i = 1; i <= n; i++)
1030  {
1031  tc1 = nasl_exec (lexic, st->link[0]);
1032  deref_cell (tc1);
1033  }
1034  return FAKE_CELL;
1035 #endif
1036 
1037  /*
1038  * I wonder...
1039  * Will nasl_exec be really called with NODE_EXEC or NODE_ARG?
1040  */
1041  case NODE_DECL: /* Used in function declarations */
1042  /* [0] = next arg in list */
1043  /* TBD? */
1044  return st; /* ? */
1045 
1046  case NODE_ARG: /* Used function calls */
1047  /* val = name can be NULL, [0] = val, [1] = next arg */
1048  ret = nasl_exec (lexic, st->link[0]); /* Is this wise? */
1049  return ret;
1050 
1051  case NODE_RETURN:
1052  /* [0] = ret val */
1053  ret = nasl_return (lexic, st->link[0]);
1054  return ret;
1055 
1056  case NODE_BREAK:
1057  lexic->break_flag = 1;
1058  return FAKE_CELL;
1059 
1060  case NODE_CONTINUE:
1061  lexic->cont_flag = 1;
1062  return FAKE_CELL;
1063 
1064  case NODE_ARRAY_EL: /* val = array name, [0] = index */
1065  idx = cell2atom (lexic, st->link[0]);
1066  ret = get_array_elem (lexic, st->x.str_val, idx);
1067  deref_cell (idx);
1068  return ret;
1069 
1072  case NODE_AFF:
1073  /* [0] = lvalue, [1] = rvalue */
1074  tc1 = nasl_exec (lexic, st->link[0]);
1075  tc2 = nasl_exec (lexic, st->link[1]);
1076  ret = nasl_affect (tc1, tc2);
1077  deref_cell (tc1); /* Must free VAR_REF */
1078  deref_cell (ret);
1079  return tc2; /* So that "a = b = e;" works */
1080 
1081  case NODE_PLUS_EQ:
1082  tc1 = nasl_exec (lexic, st->link[0]);
1083  tc2 = nasl_exec (lexic, st->link[1]);
1084  tc3 = alloc_expr_cell (0, EXPR_PLUS, tc1, tc2);
1085  ret2 = nasl_exec (lexic, tc3);
1086  ret = nasl_affect (tc1, ret2);
1087  deref_cell (tc3); /* Frees tc1 and tc2 */
1088  deref_cell (ret);
1089  return ret2; /* So that "a = b += e;" works */
1090 
1091  case NODE_MINUS_EQ:
1092  tc1 = nasl_exec (lexic, st->link[0]);
1093  tc2 = nasl_exec (lexic, st->link[1]);
1094  tc3 = alloc_expr_cell (0, EXPR_MINUS, tc1, tc2);
1095  ret2 = nasl_exec (lexic, tc3);
1096  ret = nasl_affect (tc1, ret2);
1097  deref_cell (tc3); /* Frees tc1 and tc2 */
1098  deref_cell (ret);
1099  return ret2; /* So that "a = b -= e;" works */
1100 
1101  case NODE_MULT_EQ:
1102  tc1 = nasl_exec (lexic, st->link[0]);
1103  tc2 = nasl_exec (lexic, st->link[1]);
1104  tc3 = alloc_expr_cell (0, EXPR_MULT, tc1, tc2);
1105  ret2 = nasl_exec (lexic, tc3);
1106  ret = nasl_affect (tc1, ret2);
1107  deref_cell (tc3); /* Frees tc1 and tc2 */
1108  deref_cell (ret);
1109  return ret2;
1110 
1111  case NODE_DIV_EQ:
1112  tc1 = nasl_exec (lexic, st->link[0]);
1113  tc2 = nasl_exec (lexic, st->link[1]);
1114  tc3 = alloc_expr_cell (0, EXPR_DIV, tc1, tc2);
1115  ret2 = nasl_exec (lexic, tc3);
1116  ret = nasl_affect (tc1, ret2);
1117  deref_cell (tc3); /* Frees tc1 and tc2 */
1118  deref_cell (ret);
1119  return ret2;
1120 
1121  case NODE_MODULO_EQ:
1122  tc1 = nasl_exec (lexic, st->link[0]);
1123  tc2 = nasl_exec (lexic, st->link[1]);
1124  tc3 = alloc_expr_cell (0, EXPR_MODULO, tc1, tc2);
1125  ret2 = nasl_exec (lexic, tc3);
1126  ret = nasl_affect (tc1, ret2);
1127  deref_cell (tc3); /* Frees tc1 and tc2 */
1128  deref_cell (ret);
1129  return ret2;
1130 
1131  case NODE_L_SHIFT_EQ:
1132  tc1 = nasl_exec (lexic, st->link[0]);
1133  tc2 = nasl_exec (lexic, st->link[1]);
1134  tc3 = alloc_expr_cell (0, EXPR_L_SHIFT, tc1, tc2);
1135  ret2 = nasl_exec (lexic, tc3);
1136  ret = nasl_affect (tc1, ret2);
1137  deref_cell (tc3); /* Frees tc1 and tc2 */
1138  deref_cell (ret);
1139  return ret2;
1140 
1141  case NODE_R_SHIFT_EQ:
1142  tc1 = nasl_exec (lexic, st->link[0]);
1143  tc2 = nasl_exec (lexic, st->link[1]);
1144  tc3 = alloc_expr_cell (0, EXPR_R_SHIFT, tc1, tc2);
1145  ret2 = nasl_exec (lexic, tc3);
1146  ret = nasl_affect (tc1, ret2);
1147  deref_cell (tc3); /* Frees tc1 and tc2 */
1148  deref_cell (ret);
1149  return ret2;
1150 
1151  case NODE_R_USHIFT_EQ:
1152  tc1 = nasl_exec (lexic, st->link[0]);
1153  tc2 = nasl_exec (lexic, st->link[1]);
1154  tc3 = alloc_expr_cell (0, EXPR_R_USHIFT, tc1, tc2);
1155  ret2 = nasl_exec (lexic, tc3);
1156  ret = nasl_affect (tc1, ret2);
1157  deref_cell (tc3); /* Frees tc1 and tc2 */
1158  deref_cell (ret);
1159  return ret2;
1160 
1161  case NODE_VAR:
1162  /* val = variable name */
1163  ret = get_variable_by_name (lexic, st->x.str_val);
1164  return ret;
1165 
1166  case NODE_LOCAL: /* [0] = argdecl */
1167  ret = decl_local_variables (lexic, st->link[0]);
1168  return ret;
1169 
1170  case NODE_GLOBAL: /* [0] = argdecl */
1171  ret = decl_global_variables (lexic, st->link[0]);
1172  return ret;
1173 
1174  case EXPR_AND:
1175  x = cell2bool (lexic, st->link[0]);
1176  if (!x)
1177  return bool2cell (0);
1178 
1179  y = cell2bool (lexic, st->link[1]);
1180  return bool2cell (y);
1181 
1182  case EXPR_OR:
1183  x = cell2bool (lexic, st->link[0]);
1184  if (x)
1185  return bool2cell (x);
1186  y = cell2bool (lexic, st->link[1]);
1187  return bool2cell (y);
1188 
1189  case EXPR_NOT:
1190  x = cell2bool (lexic, st->link[0]);
1191  return bool2cell (!x);
1192 
1193  case EXPR_INCR:
1194  case EXPR_DECR:
1195  x = (st->type == EXPR_INCR) ? 1 : -1;
1196  if (st->link[0] == NULL)
1197  {
1198  y = 1; /* pre */
1199  tc1 = st->link[1];
1200  }
1201  else
1202  {
1203  y = 0; /* post */
1204  tc1 = st->link[0];
1205  }
1206  tc2 = nasl_exec (lexic, tc1);
1207  if (tc2 == NULL)
1208  return NULL;
1209  ret = nasl_incr_variable (lexic, tc2, y, x);
1210  deref_cell (tc2);
1211  return ret;
1212 
1213  case EXPR_PLUS:
1214  s1 = s2 = NULL;
1215  tc1 = cell2atom (lexic, st->link[0]);
1216 #ifdef STOP_AT_FIRST_ERROR
1217  if (tc1 == NULL || tc1 == FAKE_CELL)
1218  return NULL;
1219 #endif
1220  tc2 = cell2atom (lexic, st->link[1]);
1221  if (tc2 == NULL || tc2 == FAKE_CELL)
1222  {
1223 #ifdef STOP_AT_FIRST_ERROR
1224  deref_cell (tc1);
1225  return NULL;
1226 #else
1227  return tc1;
1228 #endif
1229  }
1230 
1231  if (tc1 == NULL || tc1 == FAKE_CELL)
1232  return tc2;
1233 
1234  /*
1235  * Anything added to a string is converted to a string
1236  * Otherwise anything added to an intger is converted into an integer
1237  */
1238  if (tc1->type == CONST_DATA || tc2->type == CONST_DATA)
1239  flag = CONST_DATA;
1240  else if (tc1->type == CONST_STR || tc2->type == CONST_STR)
1241  flag = CONST_STR;
1242  else if (tc1->type == CONST_INT || tc2->type == CONST_INT)
1243  flag = CONST_INT;
1244  else
1245  flag = NODE_EMPTY;
1246  switch (flag)
1247  {
1248  long sz;
1249  case CONST_INT:
1250  x = tc1->x.i_val;
1251  y = cell2int (lexic, tc2);
1252  ret = int2cell (x + y);
1253  break;
1254 
1255  case CONST_STR:
1256  case CONST_DATA:
1257  s1 = s2 = NULL;
1258  if (tc1->type == CONST_STR || tc1->type == CONST_DATA)
1259  len1 = tc1->size;
1260  else
1261  {
1262  s1 = cell2str (lexic, tc1);
1263  len1 = (s1 == NULL ? 0 : strlen (s1));
1264  }
1265 
1266  if (tc2->type == CONST_STR || tc2->type == CONST_DATA)
1267  len2 = tc2->size;
1268  else
1269  {
1270  s2 = cell2str (lexic, tc2);
1271  len2 = (s2 == NULL ? 0 : strlen (s2));
1272  }
1273 
1274  sz = len1 + len2;
1275  s3 = g_malloc0 (sz + 1);
1276  if (len1 > 0)
1277  memcpy (s3, s1 != NULL ? s1 : tc1->x.str_val, len1);
1278  if (len2 > 0)
1279  memcpy (s3 + len1, s2 != NULL ? s2 : tc2->x.str_val, len2);
1280  g_free (s1);
1281  g_free (s2);
1282  ret = alloc_typed_cell (flag);
1283  ret->x.str_val = s3;
1284  ret->size = sz;
1285  break;
1286 
1287  default:
1288  ret = NULL;
1289  break;
1290  }
1291  deref_cell (tc1);
1292  deref_cell (tc2);
1293  return ret;
1294 
1295  case EXPR_MINUS: /* Infamous duplicated code */
1296  s1 = s2 = NULL;
1297  tc1 = cell2atom (lexic, st->link[0]);
1298 #ifdef STOP_AT_FIRST_ERROR
1299  if (tc1 == NULL || tc1 == FAKE_CELL)
1300  return NULL;
1301 #endif
1302  tc2 = cell2atom (lexic, st->link[1]);
1303  if (tc2 == NULL || tc2 == FAKE_CELL)
1304  {
1305 #ifdef STOP_AT_FIRST_ERROR
1306  deref_cell (tc1);
1307  return NULL;
1308 #else
1309  return tc1;
1310 #endif
1311  }
1312 
1313  if (tc1 == NULL || tc1 == FAKE_CELL)
1314  {
1315  if (tc2->type == CONST_INT)
1316  {
1317  y = cell2int (lexic, tc2);
1318  ret = int2cell (-y);
1319  }
1320  else
1321  ret = NULL;
1322  deref_cell (tc2);
1323  return ret;
1324  }
1325 
1326  /*
1327  * Anything subtracted from a string is converted to a string
1328  * Otherwise anything subtracted from integer is converted into an
1329  * integer
1330  */
1331  if (tc1->type == CONST_DATA || tc2->type == CONST_DATA)
1332  flag = CONST_DATA;
1333  else if (tc1->type == CONST_STR || tc2->type == CONST_STR)
1334  flag = CONST_STR;
1335  else if (tc1->type == CONST_INT || tc2->type == CONST_INT)
1336  flag = CONST_INT;
1337  else
1338  flag = NODE_EMPTY;
1339  switch (flag)
1340  {
1341  case CONST_INT:
1342  x = cell2int (lexic, tc1);
1343  y = cell2int (lexic, tc2);
1344  ret = int2cell (x - y);
1345  break;
1346 
1347  case CONST_STR:
1348  case CONST_DATA:
1349  if (tc1->type == CONST_STR || tc1->type == CONST_DATA)
1350  {
1351  p1 = tc1->x.str_val;
1352  len1 = tc1->size;
1353  }
1354  else
1355  {
1356  p1 = s1 = cell2str (lexic, tc1);
1357  len1 = (s1 == NULL ? 0 : strlen (s1));
1358  }
1359 
1360  if (tc2->type == CONST_STR || tc2->type == CONST_DATA)
1361  {
1362  p2 = tc2->x.str_val;
1363  len2 = tc2->size;
1364  }
1365  else
1366  {
1367  p2 = s2 = cell2str (lexic, tc2);
1368  len2 = (s2 == NULL ? 0 : strlen (s2));
1369  }
1370 
1371  /* if p1 is null, last condition p=memem() will not be evaluated
1372  * and p remains NULL */
1373  if (len2 == 0 || len1 < len2
1374  || (p1 != NULL && (p = memmem (p1, len1, p2, len2)) == NULL))
1375  {
1376  s3 = g_malloc0 (len1 + 1);
1377  if (p1 != NULL)
1378  memcpy (s3, p1, len1);
1379  ret = alloc_typed_cell (flag);
1380  ret->x.str_val = s3;
1381  ret->size = len1;
1382  }
1383  else
1384  {
1385  long sz = len1 - len2;
1386  if (sz <= 0)
1387  {
1388  sz = 0;
1389  s3 = g_strdup ("");
1390  }
1391  else
1392  {
1393  s3 = g_malloc0 (sz + 1);
1394  if (p - p1 > 0)
1395  memcpy (s3, p1, p - p1);
1396  if (p != NULL && sz > p - p1)
1397  memcpy (s3 + (p - p1), p + len2, sz - (p - p1));
1398  }
1399  ret = alloc_typed_cell (flag);
1400  ret->x.str_val = s3;
1401  ret->size = sz;
1402  }
1403 
1404  g_free (s1);
1405  g_free (s2);
1406  break;
1407 
1408  default:
1409  ret = NULL;
1410  break;
1411  }
1412  deref_cell (tc1);
1413  deref_cell (tc2);
1414  return ret;
1415 
1416  case EXPR_MULT:
1417  x = cell2intW (lexic, st->link[0]);
1418  y = cell2intW (lexic, st->link[1]);
1419  return int2cell (x * y);
1420 
1421  case EXPR_DIV:
1422  x = cell2intW (lexic, st->link[0]);
1423  y = cell2intW (lexic, st->link[1]);
1424  if (y != 0)
1425  return int2cell (x / y);
1426  else
1427  return int2cell (0);
1428 
1429  case EXPR_EXPO:
1430  x = cell2intW (lexic, st->link[0]);
1431  y = cell2intW (lexic, st->link[1]);
1432  return int2cell (expo (x, y));
1433 
1434  case EXPR_MODULO:
1435  x = cell2intW (lexic, st->link[0]);
1436  y = cell2intW (lexic, st->link[1]);
1437  if (y != 0)
1438  return int2cell (x % y);
1439  else
1440  return int2cell (0);
1441 
1442  case EXPR_BIT_AND:
1443  x = cell2intW (lexic, st->link[0]);
1444  y = cell2intW (lexic, st->link[1]);
1445  return int2cell (x & y);
1446 
1447  case EXPR_BIT_OR:
1448  x = cell2intW (lexic, st->link[0]);
1449  y = cell2intW (lexic, st->link[1]);
1450  return int2cell (x | y);
1451 
1452  case EXPR_BIT_XOR:
1453  x = cell2intW (lexic, st->link[0]);
1454  y = cell2intW (lexic, st->link[1]);
1455  return int2cell (x ^ y);
1456 
1457  case EXPR_BIT_NOT:
1458  x = cell2intW (lexic, st->link[0]);
1459  return int2cell (~x);
1460 
1461  case EXPR_U_MINUS:
1462  x = cell2intW (lexic, st->link[0]);
1463  return int2cell (-x);
1464 
1465  /* TBD: Handle shift for strings and arrays */
1466  case EXPR_L_SHIFT:
1467  x = cell2intW (lexic, st->link[0]);
1468  y = cell2intW (lexic, st->link[1]);
1469  return int2cell (x << y);
1470 
1471  case EXPR_R_SHIFT: /* arithmetic right shift */
1472  x = cell2intW (lexic, st->link[0]);
1473  y = cell2intW (lexic, st->link[1]);
1474  z = x >> y;
1475 #ifndef __GNUC__
1476  if (x < 0 && z >= 0) /* Fix it */
1477  z |= (~0) << (sizeof (x) * 8 - y);
1478 #endif
1479  return int2cell (z);
1480 
1481  case EXPR_R_USHIFT:
1482  x = cell2intW (lexic, st->link[0]);
1483  y = cell2intW (lexic, st->link[1]);
1484  z = (unsigned) x >> (unsigned) y;
1485 #ifndef __GNUC__
1486  if (x < 0 && z <= 0) /* Fix it! */
1487  z &= ~((~0) << (sizeof (x) * 8 - y));
1488 #endif
1489  return int2cell (z);
1490 
1491  case COMP_MATCH:
1492  case COMP_NOMATCH:
1493  tc1 = cell2atom (lexic, st->link[0]);
1494  tc2 = cell2atom (lexic, st->link[1]);
1495  s1 = s2 = NULL;
1496 
1497  if (tc1 == NULL || tc1 == FAKE_CELL)
1498  {
1499  p1 = "";
1500  len1 = 0;
1501  }
1502  else if (tc1->type == CONST_STR || tc1->type == CONST_DATA)
1503  {
1504  p1 = tc1->x.str_val;
1505  len1 = tc1->size;
1506  }
1507  else
1508  {
1509  p1 = s1 = cell2str (lexic, tc1);
1510  len1 = strlen (s1);
1511  }
1512 
1513  if (tc2 == NULL || tc2 == FAKE_CELL)
1514  {
1515  p2 = "";
1516  len2 = 0;
1517  }
1518  else if (tc2->type == CONST_STR || tc2->type == CONST_DATA)
1519  {
1520  p2 = tc2->x.str_val;
1521  len2 = tc2->size;
1522  }
1523  else
1524  {
1525  p2 = s2 = cell2str (lexic, tc2);
1526  len2 = strlen (s2);
1527  }
1528 
1529  if (len1 <= len2)
1530  flag = (memmem (p2, len2, p1, len1) != NULL);
1531  else
1532  flag = 0;
1533 
1534  g_free (s1);
1535  g_free (s2);
1536  deref_cell (tc1);
1537  deref_cell (tc2);
1538  if (st->type == COMP_MATCH)
1539  return bool2cell (flag);
1540  else
1541  return bool2cell (!flag);
1542 
1543  case COMP_RE_MATCH:
1544  case COMP_RE_NOMATCH:
1545  if (st->x.ref_val == NULL)
1546  {
1547  nasl_perror (lexic, "nasl_exec: bad regex at or near line %d\n",
1548  st->line_nb);
1549  return NULL;
1550  }
1551  s1 = cell2str (lexic, st->link[0]);
1552  if (s1 == NULL)
1553  return 0;
1554  flag = regexec (st->x.ref_val, s1, 0, NULL, 0);
1555  g_free (s1);
1556  if (st->type == COMP_RE_MATCH)
1557  return bool2cell (flag != REG_NOMATCH);
1558  else
1559  return bool2cell (flag == REG_NOMATCH);
1560 
1561  case COMP_LT:
1562  return bool2cell (cell_cmp (lexic, st->link[0], st->link[1]) < 0);
1563 
1564  case COMP_LE:
1565  return bool2cell (cell_cmp (lexic, st->link[0], st->link[1]) <= 0);
1566 
1567  case COMP_EQ:
1568  return bool2cell (cell_cmp (lexic, st->link[0], st->link[1]) == 0);
1569 
1570  case COMP_NE:
1571  return bool2cell (cell_cmp (lexic, st->link[0], st->link[1]) != 0);
1572 
1573  case COMP_GT:
1574  return bool2cell (cell_cmp (lexic, st->link[0], st->link[1]) > 0);
1575 
1576  case COMP_GE:
1577  return bool2cell (cell_cmp (lexic, st->link[0], st->link[1]) >= 0);
1578 
1579  case REF_ARRAY:
1580  case DYN_ARRAY:
1581  case CONST_INT:
1582  case CONST_STR:
1583  case CONST_DATA:
1584  ref_cell (st); /* nasl_exec returns a cell that should be deref-ed */
1585  return st;
1586 
1587  case REF_VAR:
1588  ret = nasl_read_var_ref (lexic, st);
1589  return ret;
1590 
1591  default:
1592  nasl_perror (lexic, "nasl_exec: unhandled node type %d\n", st->type);
1593  abort ();
1594  return NULL;
1595  }
1596 }
1597 
1613 int
1615 {
1616  naslctxt ctx;
1617  nasl_func *pf;
1618  int err = 0, to;
1619  tree_cell *ret;
1620  lex_ctxt *lexic;
1621  gchar *old_dir;
1622  gchar *newdir;
1623  tree_cell tc;
1624  const char *str, *name = script_infos->name, *oid = script_infos->oid;
1625  gchar *short_name = g_path_get_basename (name);
1626  int error_counter = 0;
1627 
1628  nasl_set_plugin_filename (short_name);
1629  g_free (short_name);
1630 
1631  srand48 (getpid () + getppid () + (long) time (NULL));
1632 
1633  old_dir = g_get_current_dir ();
1634 
1635  newdir = g_path_get_dirname (name);
1636 
1637  if (g_chdir (newdir) != 0)
1638  {
1639  g_message ("%s: Not able to change working directory to %s (%d [%s]).",
1640  __func__, newdir, errno, strerror (errno));
1641  g_free (old_dir);
1642  g_free (newdir);
1643  return -1;
1644  }
1645  g_free (newdir);
1646 
1647  bzero (&ctx, sizeof (ctx));
1648  if (mode & NASL_ALWAYS_SIGNED)
1649  ctx.always_signed = 1;
1650  if ((mode & NASL_EXEC_DESCR) != 0)
1651  ctx.exec_descr = 1;
1652  if (nvticache_initialized ())
1653  ctx.kb = nvticache_get_kb ();
1654  else
1655  ctx.kb = plug_get_kb (script_infos);
1656 
1657  if (init_nasl_ctx (&ctx, name) == 0)
1658  {
1659  err = naslparse (&ctx, &error_counter);
1660  if (err != 0 || error_counter > 0)
1661  {
1662  g_message ("%s. There were %d parse errors.", name, error_counter);
1663  nasl_clean_ctx (&ctx);
1664  g_chdir (old_dir);
1665  g_free (old_dir);
1666  return -1;
1667  }
1668  }
1669  else
1670  {
1671  g_chdir (old_dir);
1672  g_free (old_dir);
1673  return -1;
1674  }
1675 
1676  lexic = init_empty_lex_ctxt ();
1677  lexic->script_infos = script_infos;
1678  lexic->oid = oid;
1680 
1681  str = prefs_get ("checks_read_timeout");
1682  if (str != NULL)
1683  to = atoi (str);
1684  else
1685  to = 5;
1686 
1687  if (to <= 0)
1688  to = 5;
1689 
1690  lexic->recv_timeout = to;
1691 
1692  if (mode & NASL_LINT)
1693  {
1694  /* ret is set to the number of errors the linter finds.
1695  ret will be overwritten with -1 if any errors occur in the steps
1696  after linting so we do not break other behaviour dependent on a
1697  negative return value when doing more than just linting. */
1698  tree_cell *lintret = nasl_lint (lexic, ctx.tree);
1699  if (lintret == NULL)
1700  err--;
1701  else if (lintret != FAKE_CELL && lintret->x.i_val > 0)
1702  {
1703  err = lintret->x.i_val;
1704  g_free (lintret);
1705  }
1706  }
1707  else if (!(mode & NASL_EXEC_PARSE_ONLY))
1708  {
1709  char *p;
1710 
1711  bzero (&tc, sizeof (tc));
1712  tc.type = CONST_INT;
1713  tc.x.i_val = (mode & NASL_COMMAND_LINE) != 0;
1714  add_named_var_to_ctxt (lexic, "COMMAND_LINE", &tc);
1715 
1716  bzero (&tc, sizeof (tc));
1717  tc.type = CONST_INT;
1718  tc.x.i_val = (mode & NASL_EXEC_DESCR) != 0;
1719  add_named_var_to_ctxt (lexic, "description", &tc);
1720 
1721  tc.type = CONST_DATA;
1722  p = strrchr (name, '/');
1723  if (p == NULL)
1724  p = (char *) name;
1725  else
1726  p++;
1727  tc.x.str_val = p;
1728  tc.size = strlen (p);
1729  add_named_var_to_ctxt (lexic, "SCRIPT_NAME", &tc);
1730 
1731  truc = (lex_ctxt *) ctx.tree;
1732  if ((ret = nasl_exec (lexic, ctx.tree)) == NULL)
1733  err = -1;
1734  else
1735  deref_cell (ret);
1736 
1737  if ((pf = get_func_ref_by_name (lexic, "on_exit")) != NULL)
1738  nasl_func_call (lexic, pf, NULL);
1739  }
1740 
1741  if (g_chdir (old_dir) != 0)
1742  {
1743  g_free (old_dir);
1744  return -1;
1745  }
1746  g_free (old_dir);
1747 
1748  nasl_clean_ctx (&ctx);
1749  free_lex_ctxt (lexic);
1750  return err;
1751 }
NODE_LOCAL
@ NODE_LOCAL
Definition: nasl_tree.h:32
EXPR_AND
@ EXPR_AND
Definition: nasl_tree.h:45
nasl_type_name
const char * nasl_type_name(int t)
Definition: nasl_tree.c:346
free_array
void free_array(nasl_array *a)
Definition: nasl_var.c:342
script_infos
Definition: scanneraux.h:29
get_func_ref_by_name
nasl_func * get_func_ref_by_name(lex_ctxt *ctxt, const char *name)
Definition: nasl_func.c:82
EXPR_BIT_XOR
@ EXPR_BIT_XOR
Definition: nasl_tree.h:59
CONST_DATA
@ CONST_DATA
Definition: nasl_tree.h:82
struct_lex_ctxt::line_nb
int line_nb
Definition: nasl_lex_ctxt.h:33
cell2str
static char * cell2str(lex_ctxt *lexic, tree_cell *c)
Definition: exec.c:150
nasl_return
tree_cell * nasl_return(lex_ctxt *ctxt, tree_cell *retv)
Definition: nasl_func.c:236
add_named_var_to_ctxt
named_nasl_var * add_named_var_to_ctxt(lex_ctxt *, const char *, tree_cell *)
Definition: nasl_var.c:813
NODE_MINUS_EQ
@ NODE_MINUS_EQ
Definition: nasl_tree.h:36
NODE_WHILE
@ NODE_WHILE
Definition: nasl_tree.h:17
plug_get_kb
kb_t plug_get_kb(struct script_infos *args)
Definition: plugutils.c:1055
NODE_DECL
@ NODE_DECL
Definition: nasl_tree.h:23
NODE_RETURN
@ NODE_RETURN
Definition: nasl_tree.h:25
TC::str_val
char * str_val
Definition: nasl_tree.h:103
NODE_GLOBAL
@ NODE_GLOBAL
Definition: nasl_tree.h:33
NODE_AFF
@ NODE_AFF
Definition: nasl_tree.h:30
NODE_DIV_EQ
@ NODE_DIV_EQ
Definition: nasl_tree.h:38
struct_lex_ctxt::cont_flag
unsigned cont_flag
Definition: nasl_lex_ctxt.h:28
NODE_L_SHIFT_EQ
@ NODE_L_SHIFT_EQ
Definition: nasl_tree.h:41
cell_type
int cell_type(const tree_cell *c)
Definition: nasl_tree.c:407
nasl_iterate_array
tree_cell * nasl_iterate_array(nasl_iterator *it)
Definition: nasl_var.c:1205
EXPR_R_USHIFT
@ EXPR_R_USHIFT
Definition: nasl_tree.h:65
CONST_STR
@ CONST_STR
Definition: nasl_tree.h:80
st_n_nasl_var
Definition: nasl_var.h:55
int2cell
static tree_cell * int2cell(long int x)
Definition: exec.c:136
naslctxt
Definition: nasl_global_ctxt.h:18
array2str
char * array2str(const nasl_array *a)
Definition: nasl_var.c:993
NODE_REPEAT_UNTIL
@ NODE_REPEAT_UNTIL
Definition: nasl_tree.h:19
NODE_ARRAY_EL
@ NODE_ARRAY_EL
Definition: nasl_tree.h:29
script_infos::name
char * name
Definition: scanneraux.h:35
TC::x
union TC::@5 x
DYN_ARRAY
@ DYN_ARRAY
Definition: nasl_tree.h:90
nasl_exec
tree_cell * nasl_exec(lex_ctxt *lexic, tree_cell *st)
Execute a parse tree.
Definition: exec.c:770
st_nasl_func
Definition: nasl_func.h:15
decl_global_variables
tree_cell * decl_global_variables(lex_ctxt *, tree_cell *)
Definition: nasl_var.c:774
FAKE_CELL
#define FAKE_CELL
Definition: nasl_tree.h:110
nasl_read_var_ref
tree_cell * nasl_read_var_ref(lex_ctxt *, tree_cell *)
Definition: nasl_var.c:835
st_n_nasl_var::var_name
char * var_name
Definition: nasl_var.h:58
EXPR_BIT_NOT
@ EXPR_BIT_NOT
Definition: nasl_tree.h:60
NODE_FUN_DEF
@ NODE_FUN_DEF
Definition: nasl_tree.h:21
exec.h
EXPR_U_MINUS
@ EXPR_U_MINUS
Definition: nasl_tree.h:51
nasl_dump_expr
static void nasl_dump_expr(FILE *fp, const tree_cell *c)
Definition: exec.c:362
name
const char * name
Definition: nasl_init.c:411
naslctxt::kb
kb_t kb
Definition: nasl_global_ctxt.h:29
st_nasl_array
Definition: nasl_var.h:33
nasl_affect
tree_cell * nasl_affect(tree_cell *lval, tree_cell *rval)
Definition: nasl_var.c:700
naslctxt::exec_descr
int exec_descr
Definition: nasl_global_ctxt.h:23
NODE_R_SHIFT_EQ
@ NODE_R_SHIFT_EQ
Definition: nasl_tree.h:42
EXPR_MODULO
@ EXPR_MODULO
Definition: nasl_tree.h:54
NASL_EXEC_DESCR
#define NASL_EXEC_DESCR
Definition: nasl.h:45
cell2atom
tree_cell * cell2atom(lex_ctxt *lexic, tree_cell *c1)
Definition: exec.c:194
oid
const char * oid
Definition: nasl_builtin_find_service.c:51
NODE_FUN_CALL
@ NODE_FUN_CALL
Definition: nasl_tree.h:22
nasl_debug.h
COMP_LE
@ COMP_LE
Definition: nasl_tree.h:73
NODE_FOREACH
@ NODE_FOREACH
Definition: nasl_tree.h:18
nasl_perror
void nasl_perror(lex_ctxt *lexic, char *msg,...)
Definition: nasl_debug.c:111
EXPR_DECR
@ EXPR_DECR
Definition: nasl_tree.h:62
decl_nasl_func
tree_cell * decl_nasl_func(lex_ctxt *lexic, tree_cell *decl_node, int lint_mode)
Definition: nasl_func.c:66
struct_lex_ctxt::break_flag
unsigned break_flag
Definition: nasl_lex_ctxt.h:27
NODE_VAR
@ NODE_VAR
Definition: nasl_tree.h:31
bool2cell
static tree_cell * bool2cell(long int x)
Definition: exec.c:144
TC::size
int size
Definition: nasl_tree.h:99
cell2intW
static long int cell2intW(lex_ctxt *lexic, tree_cell *c)
Definition: exec.c:130
EXPR_PLUS
@ EXPR_PLUS
Definition: nasl_tree.h:49
NODE_INSTR_L
@ NODE_INSTR_L
Definition: nasl_tree.h:15
nasl_lex_ctxt.h
nasl_array_iterator
nasl_iterator nasl_array_iterator(void *ctxt, tree_cell *c)
Definition: nasl_var.c:1169
TC::line_nb
short line_nb
Definition: nasl_tree.h:96
nasl_lint
tree_cell * nasl_lint(lex_ctxt *lexic, tree_cell *st)
Search for errors in a nasl script.
Definition: lint.c:811
nasl_clean_ctx
void nasl_clean_ctx(naslctxt *)
Definition: nasl_grammar.tab.c:2796
nasl_trace_fp
FILE * nasl_trace_fp
Definition: exec.c:357
NODE_REPEATED
@ NODE_REPEATED
Definition: nasl_tree.h:20
EXPR_R_SHIFT
@ EXPR_R_SHIFT
Definition: nasl_tree.h:64
EXPR_NOT
@ EXPR_NOT
Definition: nasl_tree.h:47
struct_lex_ctxt::oid
const char * oid
Definition: nasl_lex_ctxt.h:31
free_lex_ctxt
void free_lex_ctxt(lex_ctxt *c)
Definition: nasl_lex_ctxt.c:43
nasl.h
EXPR_DIV
@ EXPR_DIV
Definition: nasl_tree.h:53
script_infos::oid
char * oid
Definition: scanneraux.h:34
nasl_func.h
TC::ref_val
void * ref_val
Definition: nasl_tree.h:105
init_nasl_ctx
int init_nasl_ctx(naslctxt *, const char *)
Initialize a NASL context for a NASL file.
Definition: nasl_grammar.tab.c:2684
COMP_RE_NOMATCH
@ COMP_RE_NOMATCH
Definition: nasl_tree.h:70
struct_lex_ctxt::script_infos
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:30
nasl_short_dump
static void nasl_short_dump(FILE *fp, const tree_cell *c)
Definition: exec.c:651
alloc_expr_cell
tree_cell * alloc_expr_cell(int lnb, int t, tree_cell *l, tree_cell *r)
Definition: nasl_tree.c:63
cell2int3
static long int cell2int3(lex_ctxt *lexic, tree_cell *c, int warn, named_nasl_var *v)
Definition: exec.c:76
NASL_COMMAND_LINE
#define NASL_COMMAND_LINE
Definition: nasl.h:48
naslparse
int naslparse(naslctxt *, int *)
get_array_elem
tree_cell * get_array_elem(lex_ctxt *, const char *, tree_cell *)
Definition: nasl_var.c:211
EXPR_L_SHIFT
@ EXPR_L_SHIFT
Definition: nasl_tree.h:63
EXPR_BIT_AND
@ EXPR_BIT_AND
Definition: nasl_tree.h:57
TC
Definition: nasl_tree.h:94
struct_lex_ctxt
Definition: nasl_lex_ctxt.h:23
COMP_MATCH
@ COMP_MATCH
Definition: nasl_tree.h:67
TC::type
short type
Definition: nasl_tree.h:95
TC::link
struct TC * link[4]
Definition: nasl_tree.h:107
naslctxt::tree
tree_cell * tree
Definition: nasl_global_ctxt.h:27
nasl_var.h
naslctxt::always_signed
int always_signed
Definition: nasl_global_ctxt.h:21
cell_cmp
long int cell_cmp(lex_ctxt *lexic, tree_cell *c1, tree_cell *c2)
Definition: exec.c:218
ref_cell
void ref_cell(tree_cell *c)
Definition: nasl_tree.c:167
NODE_R_USHIFT_EQ
@ NODE_R_USHIFT_EQ
Definition: nasl_tree.h:43
nasl_set_plugin_filename
void nasl_set_plugin_filename(const char *filename)
Set the current launched plugin filename.
Definition: nasl_debug.c:53
COMP_GE
@ COMP_GE
Definition: nasl_tree.h:77
NODE_MULT_EQ
@ NODE_MULT_EQ
Definition: nasl_tree.h:37
EXPR_MINUS
@ EXPR_MINUS
Definition: nasl_tree.h:50
REF_VAR
@ REF_VAR
Definition: nasl_tree.h:88
nasl_global_ctxt.h
EXPR_INCR
@ EXPR_INCR
Definition: nasl_tree.h:61
CONST_INT
@ CONST_INT
Definition: nasl_tree.h:79
nasl_func_call
tree_cell * nasl_func_call(lex_ctxt *lexic, const nasl_func *f, tree_cell *arg_list)
Definition: nasl_func.c:95
val
const char * val
Definition: nasl_init.c:412
COMP_LT
@ COMP_LT
Definition: nasl_tree.h:72
struct_lex_ctxt::recv_timeout
int recv_timeout
Definition: nasl_lex_ctxt.h:32
NODE_IF_ELSE
@ NODE_IF_ELSE
Definition: nasl_tree.h:14
nasl_iterator::a
nasl_array * a
Definition: nasl_var.h:67
COMP_NE
@ COMP_NE
Definition: nasl_tree.h:75
nasl_iterator
Definition: nasl_var.h:66
EXPR_OR
@ EXPR_OR
Definition: nasl_tree.h:46
NODE_CONTINUE
@ NODE_CONTINUE
Definition: nasl_tree.h:27
NODE_FOR
@ NODE_FOR
Definition: nasl_tree.h:16
COMP_RE_MATCH
@ COMP_RE_MATCH
Definition: nasl_tree.h:69
nasl_init.h
NASL_ALWAYS_SIGNED
#define NASL_ALWAYS_SIGNED
Definition: nasl.h:47
nasl_incr_variable
tree_cell * nasl_incr_variable(lex_ctxt *, tree_cell *, int, int)
Definition: nasl_var.c:922
NODE_MODULO_EQ
@ NODE_MODULO_EQ
Definition: nasl_tree.h:39
exec_nasl_script
int exec_nasl_script(struct script_infos *script_infos, int mode)
Execute a NASL script.
Definition: exec.c:1614
REF_ARRAY
@ REF_ARRAY
Definition: nasl_tree.h:89
nasl_set_filename
void nasl_set_filename(const char *filename)
Definition: nasl_debug.c:88
NODE_BREAK
@ NODE_BREAK
Definition: nasl_tree.h:26
cell2int
static long int cell2int(lex_ctxt *lexic, tree_cell *c)
Definition: exec.c:124
NASL_EXEC_PARSE_ONLY
#define NASL_EXEC_PARSE_ONLY
Definition: nasl.h:46
NODE_PLUS_EQ
@ NODE_PLUS_EQ
Definition: nasl_tree.h:35
deref_cell
void deref_cell(tree_cell *c)
Definition: nasl_tree.c:181
truc
lex_ctxt * truc
Definition: exec.c:359
cell2bool
static int cell2bool(lex_ctxt *lexic, tree_cell *c)
Definition: exec.c:44
alloc_typed_cell
tree_cell * alloc_typed_cell(int typ)
Definition: nasl_tree.c:28
get_variable_by_name
tree_cell * get_variable_by_name(lex_ctxt *, const char *)
Definition: nasl_var.c:179
COMP_NOMATCH
@ COMP_NOMATCH
Definition: nasl_tree.h:68
init_empty_lex_ctxt
lex_ctxt * init_empty_lex_ctxt()
Definition: nasl_lex_ctxt.c:20
NODE_EMPTY
@ NODE_EMPTY
Definition: nasl_tree.h:13
NASL_LINT
#define NASL_LINT
Definition: nasl.h:49
lint.h
NODE_ARG
@ NODE_ARG
Definition: nasl_tree.h:24
EXPR_EXPO
@ EXPR_EXPO
Definition: nasl_tree.h:55
nasl_tree.h
decl_local_variables
tree_cell * decl_local_variables(lex_ctxt *, tree_cell *)
Definition: nasl_var.c:761
EXPR_BIT_OR
@ EXPR_BIT_OR
Definition: nasl_tree.h:58
EXPR_MULT
@ EXPR_MULT
Definition: nasl_tree.h:52
COMP_EQ
@ COMP_EQ
Definition: nasl_tree.h:74
expo
static long int expo(long int x, long int y)
Definition: exec.c:745
struct_lex_ctxt::ret_val
tree_cell * ret_val
Definition: nasl_lex_ctxt.h:25
TC::i_val
long int i_val
Definition: nasl_tree.h:104
COMP_GT
@ COMP_GT
Definition: nasl_tree.h:76