Closed b0x-Protector closed 4 years ago
cve_vuln will never be empty ? what the point of checking that ?? it is additional processing for nothing ? what do you think ? if your cve_vuln is empty, there is something that you did wrong.... maybe you copied only the .sh
I will add the check just in case someone copy only the sh... the one on the cve_path is a good one.. thanks... I have added it... will be in the coming push.
cve_vuln will never be empty ? what the point of checking that ?? it is additional processing for nothing ? what do you think ? if your cve_vuln is empty, there is something that you did wrong.... maybe you copied only the .sh
I just set the non existing version of SUDO, namely sver_tmp=1.8.177p1
I think there was previous check that you missed.... try to use the docker for the testing....there is a video on how to use it.
I think there was previous check that you missed.... try to use the docker for the testing....there is a video on how to use it.
Perhaps, but initially this error appeared due to the fact that “SUDO 1.8.17p1” was not in cve.sudo2.txt. As a result, _cvevuln=`cat cve.sudo2.txt | grep "$ (echo $ sver)" | cut -d "+" -f 1` returned an empty string. When I set the "correct" SUDO version, the error disappeared.
I see... then yes, there is a possibility that cve_vuln is empty when there is no match for the sudo version... then the check is that you proposed it legitimate... thanks for this issue :) :+1:
It's me again :)
It might be better to add a check for "cve_vuln", as well as slightly tweak the calculation of "cvepath" (line 273 and 275).
Otherwise, the path to cve is not displayed and the incorrect result is displayed if "cve_vuln" is empty.