Bug#932120: oscap oval eval segfaults

Mon, 15 Jul 2019 06:06:59 -0700 

Package: libopenscap8
Version: 1.2.16-2
Severity: important
With Debian Buster, when I invoke "/bin/oscap oval eval --skip-valid --results oval-definitions-buster.result.xml oval-definitions-buster.xml" with the definition file downloaded from https://www.debian.org/security/oval/oval-definitions-buster.xml the evaluation fails with lots of segmentation faults in /usr/lib/x86_64-linux-gnu/openscap/probe_dpkginfo 

The following logs appear during execution:

Definition oval:org.debian:def:20177413: false
W: oscap:     Can't receive message: 103, Software caused connection abort.
Definition oval:org.debian:def:20177407: error
[...]
Definition oval:org.debian:def:20177377: false
W: oscap:     Can't receive message: 4, Interrupted system call.
E: oscap:     Can't close sd: 10, No child processes.
E: oscap:     Recv: retry limit (0) reached.
Definition oval:org.debian:def:20177376: true
W: oscap:     Can't receive message: 4, Interrupted system call.
E: oscap:     Can't close sd: 10, No child processes.
E: oscap:     Recv: retry limit (0) reached.
Definition oval:org.debian:def:20177375: true
[...]
Can't connect to the probe [../../../src/OVAL/oval_probe_ext.c:468]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179] 

audit log:
type=ANOM_ABEND msg=audit(1563194718.360:317265): auid=0 uid=0 gid=0 ses=8882 pid=16312 comm="probe_worker" exe="/usr/lib/x86_64-linux-gnu/openscap/probe_dpkginfo" sig=11 res=1 

The process exits with return code 1 and no result file is generated.
The attached patch corrects this behaviour and makes the feature usable.
Upstream already has a bug report about the issue here: https://github.com/OpenSCAP/openscap/issues/1367 

Regards


--- a/src/OVAL/probes/unix/linux/dpkginfo-helper.cxx
+++ b/src/OVAL/probes/unix/linux/dpkginfo-helper.cxx
@@ -109,7 +109,7 @@
         return reply;
 }
 
-void * dpkginfo_free_reply(struct dpkginfo_reply_t *reply)
+void dpkginfo_free_reply(struct dpkginfo_reply_t *reply)
 {
         if (reply) {
                 free(reply->name);
--- a/src/OVAL/probes/unix/linux/dpkginfo-helper.h
+++ b/src/OVAL/probes/unix/linux/dpkginfo-helper.h
@@ -40,7 +40,7 @@
 
 struct dpkginfo_reply_t * dpkginfo_get_by_name(const char *name, int *err);
 
-void * dpkginfo_free_reply(struct dpkginfo_reply_t *reply);
+void dpkginfo_free_reply(struct dpkginfo_reply_t *reply);
 
 #ifdef __cplusplus
 }

Reply via email to