starlingx/integ
Code Issues Proposed changes
d9ca4b8bcb
integ/security/openscap/debian/deb_folder/patches/add-missing-free.patch
Marcelo de Castro Loebens e17b830387 Upgrade Openscap (1.3.5 -> 1.3.6) 
Upgrade Openscap tool to release 1.3.6, using the debianized version
1.3.6+dsfg-6 for the packaging files available at
https://salsa.debian.org/debian/openscap/-/blob/debian/1.3.6+dfsg-6/debian/changelog
Didn't change any files or patches.

Segmentation faults during Openscap usage seen in Starlingx were
fixed in this release of Openscap, and are the reason of this upgrade.

Test Plan:
PASS: Build iso.

PASS: Deploy AIO-SX.

PASS: Check version (oscap --version). Result should be 1.3.6.

PASS: Run openscap using one of default manifests. There should be no
segmentation fault issues. Command i.e.:
"oscap xccdf eval --profile \
xccdf_org.ssgproject.content_profile_anssi_np_nt28_high \
--report controller-0-report.html \
/usr/share/xml/scap/ssg/content/ssg-debian11-ds-1.2.xml".

Closes-Bug: 2006782

Signed-off-by: Marcelo de Castro Loebens <Marcelo.DeCastroLoebens@windriver.com>
Change-Id: I34ff193227ae51ec709b7d69b6a97abc074721f3
2023-02-14 18:57:00 -04:00

35 lines
1.7 KiB
Diff
Raw Blame History

From: Jan Cerny <jcerny@redhat.com>
Date: Thu, 27 Jan 2022 15:16:02 +0100
Subject: [PATCH] Add a missing free
Addressing:
Error: RESOURCE_LEAK (CWE-772): [#def4] [important]
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2144: alloc_fn: Storage is returned from allocation function "oscap_htable_iterator_new".
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2144: var_assign: Assigning: "rit" = storage returned from "oscap_htable_iterator_new(policy->rules)".
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2145: noescape: Resource "rit" is not freed or pointed-to in "oscap_htable_iterator_has_more".
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2146: noescape: Resource "rit" is not freed or pointed-to in "oscap_htable_iterator_next_key".
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2150: leaked_storage: Variable "rit" going out of scope leaks the storage it points to.
2148| oscap_seterr(OSCAP_EFAMILY_XCCDF,
2149| "Rule '%s' not found in selected profile.", rule_id);
2150|-> return NULL;
2151| }
2152| }
Origin: upstream, https://github.com/OpenSCAP/openscap/commit/6ef54336a018566a32f6a95177635ada7f20794e
---
src/XCCDF_POLICY/xccdf_policy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/XCCDF_POLICY/xccdf_policy.c b/src/XCCDF_POLICY/xccdf_policy.c
index b63853a38f..4d4b7ad0a1 100644
--- a/src/XCCDF_POLICY/xccdf_policy.c
+++ b/src/XCCDF_POLICY/xccdf_policy.c
@@ -2147,6 +2147,7 @@ struct xccdf_result * xccdf_policy_evaluate(struct xccdf_policy * policy)
if (oscap_htable_get(policy->rules_found, rule_id) == NULL) {
oscap_seterr(OSCAP_EFAMILY_XCCDF,
"Rule '%s' not found in selected profile.", rule_id);
+ oscap_htable_iterator_free(rit);
return NULL;
}
}
View Git Blame Copy Permalink