Prevent segfault #1610
Merged
Prevent segfault #1610
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Prevent segfault if there are circular dependencies between OVAL definitions. This segfault happened when an OVAL definition references itself in the extend_definition element. It can also happen when the referenced OVAL definition references back to the parent OVAL definition and therefore there is a circular dependency between OVAL definitions. See the test OVALs for examples of such definitions. The circle wasn't detected and it caused infinite recursion which caused a segfault. The fix uses a list which stores the IDs of already evaluated definitions and it checks if a definition isn't evaluated for the second time. Fixes: rhbz#1812476
Contributor
|
@jan-cerny It fails to pass its own test on Ubuntu, can you please check it out? |
Contributor
|
Because, for some reason, we have insetad of as the test expects. |
Contributor
|
Also, can we maybe test it with a less exotic probe/test? |
Member
Author
|
OK, I'll look into this. I think any probe can be used, it should be reproducible regardless of the used probe because the problem was on the OVAL level. The systemd probe was used in the original reproducer in the BZ so it was created from that. |
Member
Author
|
I tried to change the test to make it more general and to use the OVAL file test insted of OVAL systemdunit test in the test files. Let's take a look on the new CI run now. |
evgenyz
reviewed
Oct 1, 2020
evgenyz
reviewed
Oct 1, 2020
Contributor
|
Otherwise LGTM. |
Member
Author
|
I have removed the superfluous braces. |
Member
Author
|
@openscap-ci test this please |
jan-cerny
added a commit
to jan-cerny/openscap
that referenced
this pull request
Oct 5, 2020
Addressing: 8 bytes in 1 blocks are indirectly lost in loss record 7 of 235 at 0x483A809: malloc (vg_replace_malloc.c:307) by 0x48F15CA: oval_collection_new (oval_collection.c:64) by 0x48F4FCC: oval_result_criteria_node_new (oval_resultCriteriaNode.c:106) by 0x48F5580: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:249) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217) by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279) by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395) by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369) by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181) 8 bytes in 1 blocks are definitely lost in loss record 8 of 235 at 0x483A809: malloc (vg_replace_malloc.c:307) by 0x48F1799: oval_collection_iterator (oval_collection.c:120) by 0x48CCE4C: oval_criteria_node_get_subnodes (oval_criteriaNode.c:161) by 0x48F5590: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:255) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217) by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279) by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395) by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369) by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181) 48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 125 of 235 at 0x483A809: malloc (vg_replace_malloc.c:307) by 0x48F4F50: oval_result_criteria_node_new (oval_resultCriteriaNode.c:98) by 0x48F5580: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:249) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217) by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279) by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395) by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369) by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181) by 0x48C2671: oval_agent_eval_system (oval_agent.c:286) This leak has been created by OpenSCAP#1610.
Merged
tom-seewald
pushed a commit
to tom-seewald/openscap
that referenced
this pull request
Nov 2, 2020
Addressing: 8 bytes in 1 blocks are indirectly lost in loss record 7 of 235 at 0x483A809: malloc (vg_replace_malloc.c:307) by 0x48F15CA: oval_collection_new (oval_collection.c:64) by 0x48F4FCC: oval_result_criteria_node_new (oval_resultCriteriaNode.c:106) by 0x48F5580: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:249) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217) by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279) by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395) by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369) by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181) 8 bytes in 1 blocks are definitely lost in loss record 8 of 235 at 0x483A809: malloc (vg_replace_malloc.c:307) by 0x48F1799: oval_collection_iterator (oval_collection.c:120) by 0x48CCE4C: oval_criteria_node_get_subnodes (oval_criteriaNode.c:161) by 0x48F5590: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:255) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217) by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279) by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395) by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369) by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181) 48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 125 of 235 at 0x483A809: malloc (vg_replace_malloc.c:307) by 0x48F4F50: oval_result_criteria_node_new (oval_resultCriteriaNode.c:98) by 0x48F5580: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:249) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217) by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279) by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260) by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130) by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395) by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369) by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181) by 0x48C2671: oval_agent_eval_system (oval_agent.c:286) This leak has been created by OpenSCAP#1610.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prevent segfault if there are circular dependencies between OVAL
definitions. This segfault happened when an OVAL definition references
itself in the extend_definition element. It can also happen when the
referenced OVAL definition references back to the parent OVAL definition
and therefore there is a circular dependency between OVAL definitions.
See the test OVALs for examples of such definitions. The circle wasn't
detected and it caused infinite recursion which caused a segfault.
The fix uses a list which stores the IDs of already evaluated
definitions and it checks if a definition isn't evaluated for the second
time.
Fixes: rhbz#1812476