-
Notifications
You must be signed in to change notification settings - Fork 367
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'oval eval' does not work properly in version 0.9.3 (RHEL) but does in v1.0.8 #3
Comments
Hey Greg, There is no bug in OpenSCAP. OpenSCAP oval eval works properly even with 0.9.3. You can use --oval-results option to see result of the definition evaluation. The thing is that, version 0.9.3 does not print out the result. The print out was introduced in 109d299. |
--oval-results in 0.9.3 and --results in 1.0.8? I could only get That command prints out 1MB file with everything in it. That seems like The command line printout of the results is terrific. Thanks for clarifying. Greg On Mon, Sep 8, 2014 at 8:14 AM, Šimon Lukašík notifications@github.com
|
xmlWalkerReader may give us NULL where we used to get "" from xmlTextReader Addressing: OpenSCAP#1 0x00007ffff7d5cd3b in strregcomp (pattern=0x629a70 ".*", test_str=0x0) at oval_cmp_basic.c:143 OpenSCAP#2 0x00007ffff7d5cecf in oval_string_cmp (state=0x629a70 ".*", syschar=0x0, operation=OVAL_OPERATION_PATTERN_MATCH) at oval_cmp_basic.c:192 OpenSCAP#3 0x00007ffff7d5c362 in oval_ent_cmp_str (state_data=0x629a70 ".*", state_data_type=OVAL_DATATYPE_STRING, sysent=0x62a210, operation=OVAL_OPERATION_PATTERN_MATCH) at oval_cmp.c:99 OpenSCAP#4 0x00007ffff7d64a44 in _evaluate_sysent (syschar_model=0x61c870, item_entity=0x62a210, state_entity=0x6299c0, state_entity_operation=OVAL_OPERATION_PATTERN_MATCH, content=0x629970) at oval_resultTest.c:464 OpenSCAP#5 0x00007ffff7d64cd5 in eval_item (syschar_model=0x61c870, cur_sysitem=0x61f200, state=0x61fab0) at oval_resultTest.c:546 OpenSCAP#6 0x00007ffff7d65021 in eval_check_state (test=0x627d60, args=0x7fffffffd600) at oval_resultTest.c:644 OpenSCAP#7 0x00007ffff7d6553a in _oval_result_test_evaluate_items (test=0x627d60, syschar_object=0x61e180, args=0x7fffffffd600) at oval_resultTest.c:805 OpenSCAP#8 0x00007ffff7d65765 in _oval_result_test_result (rtest=0x62a770, args=0x7fffffffd600) at oval_resultTest.c:870 OpenSCAP#9 0x00007ffff7d65af4 in oval_result_test_eval (rtest=0x62a770) at oval_resultTest.c:966 OpenSCAP#10 0x00007ffff7d5f907 in _oval_result_criteria_node_result (node=0x62d510) at oval_resultCriteriaNode.c:357 OpenSCAP#11 0x00007ffff7d5f99f in oval_result_criteria_node_eval (node=0x62d510) at oval_resultCriteriaNode.c:378 OpenSCAP#12 0x00007ffff7d5f8a5 in _oval_result_criteria_node_result (node=0x61e1e0) at oval_resultCriteriaNode.c:348
Hi, |
Addressing: #0 in xccdf_value_instance_get_value (item=0x0) at value.c:437 #1 in xccdf_policy_get_value_of_item (policy=0x630a00, item=0x63ad80) at xccdf_policy.c:2426 #2 in xccdf_policy_add_final_setvalue (policy=0x630a00, value=0x63ad80, result=0x630870) at xccdf_policy.c:2193 #3 in xccdf_policy_add_final_setvalues (policy=0x630a00, item=0x631d90, result=0x630870) at xccdf_policy.c:2228 #4 in xccdf_policy_evaluate (policy=0x630a00) at xccdf_policy.c:2318 #5 in xccdf_session_evaluate (session=0x61fb00) at xccdf_session.c:907 #6 in app_evaluate_xccdf (action=0x7fffffffd4a0) at oscap-xccdf.c:490 #7 in oscap_module_call (action=0x7fffffffd4a0) at oscap-tool.c:261 #8 in oscap_module_process (module=0x6176c0 <XCCDF_EVAL>, argc=8, argv=0x7fffffffd718) at oscap-tool.c:346 #9 in main (argc=8, argv=0x7fffffffd718) at oscap.c:79
These hunks are missing from 41ef893. Addressing segmentation fault: #0 0x00007ffff561108d in xmlHashFree () from /lib64/libxml2.so.2 #1 0x00007ffff560865c in xmlFreeDoc () from /lib64/libxml2.so.2 #2 0x00007ffff7ad39f8 in oscap_source_free (source=0xf45e90) at oscap_source.c:109 #3 0x00007ffff7ace116 in oscap_htable_free (htable=0xd7dd90, destructor=0x7ffff7ad3968 <oscap_source_free>) at list.c:532 #4 0x00007ffff7b6f79f in _xccdf_session_free_oval_result_sources (session=0x61fb40) at xccdf_session.c:1023 #5 0x00007ffff7b6cf73 in xccdf_session_free (session=0x61fb40) at xccdf_session.c:205 #6 0x000000000040bfe4 in app_evaluate_xccdf (action=0x7fffffffd430) at oscap-xccdf.c:540 #7 0x0000000000407f8b in oscap_module_call (action=0x7fffffffd430) at oscap-tool.c:260 #8 0x0000000000408408 in oscap_module_process (module=0x617700 <XCCDF_EVAL>, argc=12, argv=0x7fffffffd6a8) at oscap-tool.c:345 #9 0x0000000000406e1d in main (argc=12, argv=0x7fffffffd6a8) at oscap.c:80
Addressing: #0 xccdf_value_instance_get_value (item=0x0) at value.c:437 #1 0x00007f6835881eac in xccdf_policy_get_value_of_item (policy=policy@entry=0x7f68371a1b10, item=<optimized out>) at xccdf_policy.c:2426 #2 0x00007f6835881f01 in xccdf_policy_add_final_setvalue (policy=policy@entry=0x7f68371a1b10, value=0x7f6836f8bbb0, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2193 #3 0x00007f6835881fa3 in xccdf_policy_add_final_setvalues (policy=policy@entry=0x7f68371a1b10, item=0x7f6836f8a040, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2213 #4 0x00007f6835881fe3 in xccdf_policy_add_final_setvalues (policy=policy@entry=0x7f68371a1b10, item=0x7f6836f1f280, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2220 #5 0x00007f6835881fe3 in xccdf_policy_add_final_setvalues (policy=policy@entry=0x7f68371a1b10, item=0x7f6836e57630, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2220 #6 0x00007f6835882083 in xccdf_policy_add_final_setvalues (policy=policy@entry=0x7f68371a1b10, item=0x7f6836e186c0, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2235 #7 0x00007f683588220d in xccdf_policy_evaluate (policy=policy@entry=0x7f68371a1b10) at xccdf_policy.c:2318 #8 0x00007f683587ddea in xccdf_session_evaluate (session=session@entry=0x7f6836d00b60) at xccdf_session.c:906 #9 0x00007f6835cf4210 in app_evaluate_xccdf (action=0x7fff67b1c800) at oscap-xccdf.c:490 #10 0x00007f6835cefc69 in oscap_module_call (action=0x7fff67b1c800) at oscap-tool.c:261 #11 oscap_module_process (module=0x7f6835efdb60 <XCCDF_EVAL>, module@entry=0x7f6835efd0e0 <OSCAP_ROOT_MODULE>, argc=argc@entry=8, argv=argv@entry=0x7fff67b1ca88) at oscap-tool.c:346 #12 0x00007f6835cee9b1 in main (argc=8, argv=0x7fff67b1ca88) at oscap.c:79
Fix the following warning raised by Oracle Developer Studio 12.5: CC oscap-oscap-oval.o "oscap-oval.c", line 361: warning: improper pointer/integer combination: arg OpenSCAP#3.
Fix the following warning raised by Oracle Developer Studio 12.5: CC oscap-oscap-oval.o "oscap-oval.c", line 361: warning: improper pointer/integer combination: arg OpenSCAP#3.
Addressing: ``` #0 0x00007ffff4b486e9 in cvrf_model_filter_by_cpe (model=0x0, cpe=0x600c0000bde0 "Red Hat Enterprise Linux Desktop Supplementary (v. 6)") at cvrf_priv.c:1293 #1 0x00007ffff4b4d35e in find_all_cvrf_product_ids_from_cpe ( session=session@entry=0x60080000a4d0) at cvrf_eval.c:172 OpenSCAP#2 0x00007ffff4b4debe in cvrf_model_get_results_source (import_source=<optimized out>, os_name=os_name@entry=0x555555584660 "Red Hat Enterprise Linux Desktop Supplementary (v. 6)") at cvrf_eval.c:230 OpenSCAP#3 0x0000555555574c58 in app_cvrf_evaluate (action=0x7fffffffe2c0) at oscap-cvrf.c:102 OpenSCAP#4 0x0000555555566e16 in oscap_module_call (action=0x7fffffffe2c0) at oscap-tool.c:261 OpenSCAP#5 oscap_module_process (module=0x55555578ffc0 <CVRF_EVALUATE_MODULE>, module@entry=0x55555578a120 <OSCAP_ROOT_MODULE>, argc=argc@entry=4, argv=argv@entry=0x7fffffffe5b8) at oscap-tool.c:346 OpenSCAP#6 0x0000555555564c32 in main (argc=4, argv=0x7fffffffe5b8) at oscap.c:83 ```
Addressing: ``` #0 0x00007ffff4b486e9 in cvrf_model_filter_by_cpe (model=0x0, cpe=0x600c0000bde0 "Red Hat Enterprise Linux Desktop Supplementary (v. 6)") at cvrf_priv.c:1293 #1 0x00007ffff4b4d35e in find_all_cvrf_product_ids_from_cpe ( session=session@entry=0x60080000a4d0) at cvrf_eval.c:172 OpenSCAP#2 0x00007ffff4b4debe in cvrf_model_get_results_source (import_source=<optimized out>, os_name=os_name@entry=0x555555584660 "Red Hat Enterprise Linux Desktop Supplementary (v. 6)") at cvrf_eval.c:230 OpenSCAP#3 0x0000555555574c58 in app_cvrf_evaluate (action=0x7fffffffe2c0) at oscap-cvrf.c:102 OpenSCAP#4 0x0000555555566e16 in oscap_module_call (action=0x7fffffffe2c0) at oscap-tool.c:261 OpenSCAP#5 oscap_module_process (module=0x55555578ffc0 <CVRF_EVALUATE_MODULE>, module@entry=0x55555578a120 <OSCAP_ROOT_MODULE>, argc=argc@entry=4, argv=argv@entry=0x7fffffffe5b8) at oscap-tool.c:346 OpenSCAP#6 0x0000555555564c32 in main (argc=4, argv=0x7fffffffe5b8) at oscap.c:83 ```
TEST: test_probe_xinetd_duplicates ================================================================= ==865597==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000001d4d at pc 0x7f78bcc4c87c bp 0x7ffdcac81740 sp 0x7ffdcac80ef0 READ of size 974 at 0x619000001d4d thread T0 #0 0x7f78bcc4c87b in __interceptor_strchr.part.0 (/lib64/libasan.so.8+0x4c87b) OpenSCAP#1 0x564e304c23e2 in xiconf_parse /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/public/../../../../sr c/OVAL/probes/unix/xinetd_probe.c:633 OpenSCAP#2 0x564e304ba8e5 in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xinetd/test_probe_xinetd.c:40 OpenSCAP#3 0x7f78bc42954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) OpenSCAP#4 0x7f78bc429608 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x29608) OpenSCAP#5 0x564e304baed4 in _start (/builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/redhat-linux-build/tests/probes/xinetd/tes t_probe_xinetd+0x4ed4) 0x619000001d4d is located 0 bytes to the right of 973-byte region [0x619000001980,0x619000001d4d) allocated by thread T0 here: #0 0x7f78bccba68f in __interceptor_malloc (/lib64/libasan.so.8+0xba68f) OpenSCAP#1 0x564e304c1a87 in xiconf_read /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/public/../../../../src /OVAL/probes/unix/xinetd_probe.c:525 OpenSCAP#2 0x564e304c226c in xiconf_parse /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/public/../../../../sr c/OVAL/probes/unix/xinetd_probe.c:608 OpenSCAP#3 0x564e304ba8e5 in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xinetd/test_probe_xinetd.c:40 OpenSCAP#4 0x7f78bc42954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.8+0x4c87b) in __interceptor_strchr.part.0 Shadow bytes around the buggy address: 0x0c327fff8350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c327fff8360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c327fff8370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c327fff8380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c327fff8390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c327fff83a0: 00 00 00 00 00 00 00 00 00[05]fa fa fa fa fa fa 0x0c327fff83b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c327fff83c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c327fff83d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c327fff83e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c327fff83f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==865597==ABORTING
libxml2 does use <= when comparing nodeNr and 0. node line depends on node type, we need to use function to find it. See: https://github.com/tenderlove/libxml2/blob/ecb5d5afdc8acceba608524f6e98c361fd2ce0e9/tree.c#L4507 253/265 Test: probes/xmlfilecontent/test_xmlfilecontent_probe.sh Command: "/builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xmlfilecontent/test_xmlfilecontent_probe.sh" Directory: /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/redhat-linux-build/tests/probes/xmlfilecontent "probes/xmlfilecontent/test_xmlfilecontent_probe.sh" start time: Sep 04 20:13 EEST Output: ---------------------------------------------------------- ================================================================= ==866168==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6080003efd90 at pc 0x7fdbf2623c59 bp 0x7fdbe7ab8430 sp 0x7fdbe7ab8428 READ of size 2 at 0x6080003efd90 thread T8 #0 0x7fdbf2623c58 in process_file.isra.0 /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xm lfilecontent_probe.c:307 OpenSCAP#1 0x7fdbf25dba5a in xmlfilecontent_probe_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independ ent/xmlfilecontent_probe.c:397 OpenSCAP#2 0x7fdbf25c2087 in probe_worker /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c:1114 OpenSCAP#3 0x7fdbf25bc44f in probe_worker_runfn /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c: 97 OpenSCAP#4 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) OpenSCAP#5 0x7fdbf21121af in clone3 (/lib64/libc.so.6+0x1121af) 0x6080003efd90 is located 16 bytes to the right of 96-byte region [0x6080003efd20,0x6080003efd80) allocated by thread T8 here: #0 0x7fdbf28ba68f in __interceptor_malloc (/lib64/libasan.so.8+0xba68f) OpenSCAP#1 0x7fdbf22cdb63 in xmlNewPropInternal.lto_priv.0 (/lib64/libxml2.so.2+0x57b63) Thread T8 created by T7 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf25bf673 in probe_input_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/input_handler.c:183 OpenSCAP#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) Thread T7 created by T5 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf25be1d0 in probe_common_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/probe_main.c:256 OpenSCAP#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) Thread T5 created by T0 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf253b6a0 in sch_queue_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/sch_queue.c:62 OpenSCAP#2 0x7fdbf253b6a0 in SEAP_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/seap.c:116 OpenSCAP#3 0x7fdbf253b6a0 in oval_probe_comm /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:443 OpenSCAP#4 0x7fdbf2543e1d in oval_probe_ext_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:980 OpenSCAP#5 0x7fdbf2543e1d in oval_probe_ext_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:858 OpenSCAP#6 0x7fdbf2545af4 in oval_probe_query_object /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:156 OpenSCAP#7 0x7fdbf255bf83 in oval_probe_query_test /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:257 OpenSCAP#8 0x7fdbf255bf83 in _oval_result_test_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1031 OpenSCAP#9 0x7fdbf255bf83 in oval_result_test_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1152 OpenSCAP#10 0x7fdbf255c67f in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:367 OpenSCAP#11 0x7fdbf255c67f in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390 OpenSCAP#12 0x7fdbf255c61c in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:358 OpenSCAP#13 0x7fdbf255c61c in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390 OpenSCAP#14 0x7fdbf255c835 in oval_result_definition_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultDefinition.c:165 OpenSCAP#15 0x7fdbf255cae8 in oval_result_system_eval_definition /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultSystem.c:373 OpenSCAP#16 0x7fdbf2502951 in oval_agent_eval_system /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_agent.c:286 OpenSCAP#17 0x7fdbf250ac0b in oval_session_evaluate /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_session.c:372 OpenSCAP#18 0x55cf5fd8b858 in app_evaluate_oval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-oval.c:360 OpenSCAP#19 0x55cf5fd94b86 in oscap_module_call /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:295 OpenSCAP#20 0x55cf5fd94b86 in oscap_module_process /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:389 OpenSCAP#21 0x55cf5fd81d4e in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap.c:88 OpenSCAP#22 0x7fdbf202954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) SUMMARY: AddressSanitizer: heap-buffer-overflow /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xmlfilecontent_probe.c:307 in process_file.isra.0 Shadow bytes around the buggy address: 0x0c1080075f60: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f70: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f80: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f90: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fa0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c1080075fb0: fa fa[fa]fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fe0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075ff0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 0x0c1080076000: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==866168==ABORTING
TEST: test_probe_xinetd_duplicates ================================================================= ==865597==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000001d4d at pc 0x7f78bcc4c87c bp 0x7ffdcac81740 sp 0x7ffdcac80ef0 READ of size 974 at 0x619000001d4d thread T0 #0 0x7f78bcc4c87b in __interceptor_strchr.part.0 (/lib64/libasan.so.8+0x4c87b) OpenSCAP#1 0x564e304c23e2 in xiconf_parse /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/public/../../../../sr c/OVAL/probes/unix/xinetd_probe.c:633 OpenSCAP#2 0x564e304ba8e5 in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xinetd/test_probe_xinetd.c:40 OpenSCAP#3 0x7f78bc42954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) OpenSCAP#4 0x7f78bc429608 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x29608) OpenSCAP#5 0x564e304baed4 in _start (/builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/redhat-linux-build/tests/probes/xinetd/tes t_probe_xinetd+0x4ed4) 0x619000001d4d is located 0 bytes to the right of 973-byte region [0x619000001980,0x619000001d4d) allocated by thread T0 here: #0 0x7f78bccba68f in __interceptor_malloc (/lib64/libasan.so.8+0xba68f) OpenSCAP#1 0x564e304c1a87 in xiconf_read /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/public/../../../../src /OVAL/probes/unix/xinetd_probe.c:525 OpenSCAP#2 0x564e304c226c in xiconf_parse /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/public/../../../../sr c/OVAL/probes/unix/xinetd_probe.c:608 OpenSCAP#3 0x564e304ba8e5 in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xinetd/test_probe_xinetd.c:40 OpenSCAP#4 0x7f78bc42954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.8+0x4c87b) in __interceptor_strchr.part.0 Shadow bytes around the buggy address: 0x0c327fff8350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c327fff8360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c327fff8370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c327fff8380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c327fff8390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c327fff83a0: 00 00 00 00 00 00 00 00 00[05]fa fa fa fa fa fa 0x0c327fff83b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c327fff83c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c327fff83d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c327fff83e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c327fff83f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==865597==ABORTING
libxml2 does use <= when comparing nodeNr and 0. node line depends on node type, we need to use function to find it. See: https://github.com/tenderlove/libxml2/blob/ecb5d5afdc8acceba608524f6e98c361fd2ce0e9/tree.c#L4507 253/265 Test: probes/xmlfilecontent/test_xmlfilecontent_probe.sh Command: "/builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xmlfilecontent/test_xmlfilecontent_probe.sh" Directory: /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/redhat-linux-build/tests/probes/xmlfilecontent "probes/xmlfilecontent/test_xmlfilecontent_probe.sh" start time: Sep 04 20:13 EEST Output: ---------------------------------------------------------- ================================================================= ==866168==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6080003efd90 at pc 0x7fdbf2623c59 bp 0x7fdbe7ab8430 sp 0x7fdbe7ab8428 READ of size 2 at 0x6080003efd90 thread T8 #0 0x7fdbf2623c58 in process_file.isra.0 /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xm lfilecontent_probe.c:307 OpenSCAP#1 0x7fdbf25dba5a in xmlfilecontent_probe_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independ ent/xmlfilecontent_probe.c:397 OpenSCAP#2 0x7fdbf25c2087 in probe_worker /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c:1114 OpenSCAP#3 0x7fdbf25bc44f in probe_worker_runfn /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c: 97 OpenSCAP#4 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) OpenSCAP#5 0x7fdbf21121af in clone3 (/lib64/libc.so.6+0x1121af) 0x6080003efd90 is located 16 bytes to the right of 96-byte region [0x6080003efd20,0x6080003efd80) allocated by thread T8 here: #0 0x7fdbf28ba68f in __interceptor_malloc (/lib64/libasan.so.8+0xba68f) OpenSCAP#1 0x7fdbf22cdb63 in xmlNewPropInternal.lto_priv.0 (/lib64/libxml2.so.2+0x57b63) Thread T8 created by T7 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf25bf673 in probe_input_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/input_handler.c:183 OpenSCAP#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) Thread T7 created by T5 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf25be1d0 in probe_common_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/probe_main.c:256 OpenSCAP#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) Thread T5 created by T0 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf253b6a0 in sch_queue_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/sch_queue.c:62 OpenSCAP#2 0x7fdbf253b6a0 in SEAP_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/seap.c:116 OpenSCAP#3 0x7fdbf253b6a0 in oval_probe_comm /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:443 OpenSCAP#4 0x7fdbf2543e1d in oval_probe_ext_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:980 OpenSCAP#5 0x7fdbf2543e1d in oval_probe_ext_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:858 OpenSCAP#6 0x7fdbf2545af4 in oval_probe_query_object /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:156 OpenSCAP#7 0x7fdbf255bf83 in oval_probe_query_test /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:257 OpenSCAP#8 0x7fdbf255bf83 in _oval_result_test_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1031 OpenSCAP#9 0x7fdbf255bf83 in oval_result_test_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1152 OpenSCAP#10 0x7fdbf255c67f in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:367 OpenSCAP#11 0x7fdbf255c67f in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390 OpenSCAP#12 0x7fdbf255c61c in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:358 OpenSCAP#13 0x7fdbf255c61c in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390 OpenSCAP#14 0x7fdbf255c835 in oval_result_definition_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultDefinition.c:165 OpenSCAP#15 0x7fdbf255cae8 in oval_result_system_eval_definition /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultSystem.c:373 OpenSCAP#16 0x7fdbf2502951 in oval_agent_eval_system /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_agent.c:286 OpenSCAP#17 0x7fdbf250ac0b in oval_session_evaluate /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_session.c:372 OpenSCAP#18 0x55cf5fd8b858 in app_evaluate_oval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-oval.c:360 OpenSCAP#19 0x55cf5fd94b86 in oscap_module_call /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:295 OpenSCAP#20 0x55cf5fd94b86 in oscap_module_process /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:389 OpenSCAP#21 0x55cf5fd81d4e in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap.c:88 OpenSCAP#22 0x7fdbf202954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) SUMMARY: AddressSanitizer: heap-buffer-overflow /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xmlfilecontent_probe.c:307 in process_file.isra.0 Shadow bytes around the buggy address: 0x0c1080075f60: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f70: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f80: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f90: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fa0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c1080075fb0: fa fa[fa]fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fe0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075ff0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 0x0c1080076000: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==866168==ABORTING
When there already exists a value under the given key in the hash table, oscap_htable_add doesn't put the value to the hash table and therefore the value isn't freed when the hash table is freed. The caller of oscap_htable_add needs to check if oscap_htable_add failed and in this situation is responsible to free the value. Addressing: oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_accounts_tmout /usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml --- Starting Evaluation --- Title Set Interactive Session Timeout Rule xccdf_org.ssgproject.content_rule_accounts_tmout Result fail ================================================================= ==85219==ERROR: LeakSanitizer: detected memory leaks Direct leak of 49 byte(s) in 1 object(s) allocated from: #0 0x4a3198 in strdup (/home/jcerny/work/git/openscap/build/utils/oscap+0x4a3198) (BuildId: 329fd48580c8ee52863c16be406cb9d7c3df95db) #1 0x7f090491f20c in oscap_strdup /home/jcerny/work/git/openscap/src/common/util.h:312:9 OpenSCAP#2 0x7f090491e9dd in ds_sds_dump_component_ref_as /home/jcerny/work/git/openscap/src/DS/sds.c:510:26 OpenSCAP#3 0x7f090491efce in ds_sds_dump_component_ref_as /home/jcerny/work/git/openscap/src/DS/sds.c:574:8 OpenSCAP#4 0x7f090491f7d3 in ds_sds_dump_component_ref /home/jcerny/work/git/openscap/src/DS/sds.c:601:15 OpenSCAP#5 0x7f0904917305 in ds_sds_session_register_component_with_dependencies /home/jcerny/work/git/openscap/src/DS/ds_sds_session.c:327:10 OpenSCAP#6 0x7f0904a0493c in xccdf_session_load_cpe /home/jcerny/work/git/openscap/src/XCCDF/xccdf_session.c:921:8 OpenSCAP#7 0x7f0904a03dc7 in xccdf_session_load /home/jcerny/work/git/openscap/src/XCCDF/xccdf_session.c:705:14 OpenSCAP#8 0x53333f in app_evaluate_xccdf /home/jcerny/work/git/openscap/utils/oscap-xccdf.c:641:6 OpenSCAP#9 0x52fedb in oscap_module_call /home/jcerny/work/git/openscap/utils/oscap-tool.c:295:10 OpenSCAP#10 0x5307fb in oscap_module_process /home/jcerny/work/git/openscap/utils/oscap-tool.c:389:19 OpenSCAP#11 0x53cee0 in main /home/jcerny/work/git/openscap/utils/oscap.c:88:15 OpenSCAP#12 0x7f090390950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) (BuildId: 81daba31ee66dbd63efdc4252a872949d874d136) SUMMARY: AddressSanitizer: 49 byte(s) leaked in 1 allocation(s).
Move the oscap_get_substring into the oscap_pcre.c module and rename it into oscap_pcre_get_substring. The function imposes implicit dependencies on PCRE/PCRE2 symbols even for utils.c users that won't use PCRE at all (SCE library).
Move the oscap_get_substring into the oscap_pcre.c module and rename it into oscap_pcre_get_substring. The function imposes implicit dependencies on PCRE/PCRE2 symbols even for utils.c users that won't use PCRE at all (SCE library).
Move the oscap_get_substring into the oscap_pcre.c module and rename it into oscap_pcre_get_substring. The function imposes implicit dependencies on PCRE/PCRE2 symbols even for utils.c users that won't use PCRE at all (SCE library).
Move the oscap_get_substring into the oscap_pcre.c module and rename it into oscap_pcre_get_substring. The function imposes implicit dependencies on PCRE/PCRE2 symbols even for utils.c users that won't use PCRE at all (SCE library).
When there already exists a value under the given key in the hash table, oscap_htable_add doesn't put the value to the hash table and therefore the value isn't freed when the hash table is freed. The caller of oscap_htable_add needs to check if oscap_htable_add failed and in this situation is responsible to free the value. Addressing: oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_accounts_tmout /usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml --- Starting Evaluation --- Title Set Interactive Session Timeout Rule xccdf_org.ssgproject.content_rule_accounts_tmout Result fail ================================================================= ==85219==ERROR: LeakSanitizer: detected memory leaks Direct leak of 49 byte(s) in 1 object(s) allocated from: #0 0x4a3198 in strdup (/home/jcerny/work/git/openscap/build/utils/oscap+0x4a3198) (BuildId: 329fd48580c8ee52863c16be406cb9d7c3df95db) #1 0x7f090491f20c in oscap_strdup /home/jcerny/work/git/openscap/src/common/util.h:312:9 #2 0x7f090491e9dd in ds_sds_dump_component_ref_as /home/jcerny/work/git/openscap/src/DS/sds.c:510:26 OpenSCAP#3 0x7f090491efce in ds_sds_dump_component_ref_as /home/jcerny/work/git/openscap/src/DS/sds.c:574:8 OpenSCAP#4 0x7f090491f7d3 in ds_sds_dump_component_ref /home/jcerny/work/git/openscap/src/DS/sds.c:601:15 OpenSCAP#5 0x7f0904917305 in ds_sds_session_register_component_with_dependencies /home/jcerny/work/git/openscap/src/DS/ds_sds_session.c:327:10 OpenSCAP#6 0x7f0904a0493c in xccdf_session_load_cpe /home/jcerny/work/git/openscap/src/XCCDF/xccdf_session.c:921:8 OpenSCAP#7 0x7f0904a03dc7 in xccdf_session_load /home/jcerny/work/git/openscap/src/XCCDF/xccdf_session.c:705:14 OpenSCAP#8 0x53333f in app_evaluate_xccdf /home/jcerny/work/git/openscap/utils/oscap-xccdf.c:641:6 OpenSCAP#9 0x52fedb in oscap_module_call /home/jcerny/work/git/openscap/utils/oscap-tool.c:295:10 OpenSCAP#10 0x5307fb in oscap_module_process /home/jcerny/work/git/openscap/utils/oscap-tool.c:389:19 OpenSCAP#11 0x53cee0 in main /home/jcerny/work/git/openscap/utils/oscap.c:88:15 OpenSCAP#12 0x7f090390950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) (BuildId: 81daba31ee66dbd63efdc4252a872949d874d136) SUMMARY: AddressSanitizer: 49 byte(s) leaked in 1 allocation(s).
Move the oscap_get_substring into the oscap_pcre.c module and rename it into oscap_pcre_get_substring. The function imposes implicit dependencies on PCRE/PCRE2 symbols even for utils.c users that won't use PCRE at all (SCE library).
When there already exists a value under the given key in the hash table, oscap_htable_add doesn't put the value to the hash table and therefore the value isn't freed when the hash table is freed. The caller of oscap_htable_add needs to check if oscap_htable_add failed and in this situation is responsible to free the value. Addressing: oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_accounts_tmout /usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml --- Starting Evaluation --- Title Set Interactive Session Timeout Rule xccdf_org.ssgproject.content_rule_accounts_tmout Result fail ================================================================= ==85219==ERROR: LeakSanitizer: detected memory leaks Direct leak of 49 byte(s) in 1 object(s) allocated from: #0 0x4a3198 in strdup (/home/jcerny/work/git/openscap/build/utils/oscap+0x4a3198) (BuildId: 329fd48580c8ee52863c16be406cb9d7c3df95db) #1 0x7f090491f20c in oscap_strdup /home/jcerny/work/git/openscap/src/common/util.h:312:9 #2 0x7f090491e9dd in ds_sds_dump_component_ref_as /home/jcerny/work/git/openscap/src/DS/sds.c:510:26 OpenSCAP#3 0x7f090491efce in ds_sds_dump_component_ref_as /home/jcerny/work/git/openscap/src/DS/sds.c:574:8 OpenSCAP#4 0x7f090491f7d3 in ds_sds_dump_component_ref /home/jcerny/work/git/openscap/src/DS/sds.c:601:15 OpenSCAP#5 0x7f0904917305 in ds_sds_session_register_component_with_dependencies /home/jcerny/work/git/openscap/src/DS/ds_sds_session.c:327:10 OpenSCAP#6 0x7f0904a0493c in xccdf_session_load_cpe /home/jcerny/work/git/openscap/src/XCCDF/xccdf_session.c:921:8 OpenSCAP#7 0x7f0904a03dc7 in xccdf_session_load /home/jcerny/work/git/openscap/src/XCCDF/xccdf_session.c:705:14 OpenSCAP#8 0x53333f in app_evaluate_xccdf /home/jcerny/work/git/openscap/utils/oscap-xccdf.c:641:6 OpenSCAP#9 0x52fedb in oscap_module_call /home/jcerny/work/git/openscap/utils/oscap-tool.c:295:10 OpenSCAP#10 0x5307fb in oscap_module_process /home/jcerny/work/git/openscap/utils/oscap-tool.c:389:19 OpenSCAP#11 0x53cee0 in main /home/jcerny/work/git/openscap/utils/oscap.c:88:15 OpenSCAP#12 0x7f090390950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) (BuildId: 81daba31ee66dbd63efdc4252a872949d874d136) SUMMARY: AddressSanitizer: 49 byte(s) leaked in 1 allocation(s).
Move the oscap_get_substring into the oscap_pcre.c module and rename it into oscap_pcre_get_substring. The function imposes implicit dependencies on PCRE/PCRE2 symbols even for utils.c users that won't use PCRE at all (SCE library).
Is it correct that
oscap oval eval
is broken in OpenSCAP version 0.9.3?On RHEL64 (no yum update) OpenSCAP appears to be version 0.9.3. For rule
umask_for_daemons
oscap oval eval
does not indicate failure.Subscribing the system to RedHat and updating openscap provides more expected results for
oscap oval eval
CentOS65 with OpenSCAP version 1.0.8, doing
oscap oval eval
forumask_for_daemons
responds:The text was updated successfully, but these errors were encountered: