ggbecker pushed a commit that referenced this pull request Apr 10, 2026
TEST: test_probe_xinetd_duplicates
=================================================================
==865597==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000001d4d at pc 0x7f78bcc4c87c bp 0x7ffdcac81740 sp 0x7ffdcac80ef0
READ of size 974 at 0x619000001d4d thread T0
#0 0x7f78bcc4c87b in __interceptor_strchr.part.0 (/lib64/libasan.so.8+0x4c87b)
#1 0x564e304c23e2 in xiconf_parse /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/public/../../../../src/OVAL/probes/unix/xinetd_probe.c:633
#2 0x564e304ba8e5 in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xinetd/test_probe_xinetd.c:40
#3 0x7f78bc42954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f)
#4 0x7f78bc429608 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x29608)
#5 0x564e304baed4 in _start (/builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/redhat-linux-build/tests/probes/xinetd/test_probe_xinetd+0x4ed4)
0x619000001d4d is located 0 bytes to the right of 973-byte region [0x619000001980,0x619000001d4d)
allocated by thread T0 here:
#0 0x7f78bccba68f in __interceptor_malloc (/lib64/libasan.so.8+0xba68f)
#1 0x564e304c1a87 in xiconf_read /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/public/../../../../src/OVAL/probes/unix/xinetd_probe.c:525
#2 0x564e304c226c in xiconf_parse /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/public/../../../../src/OVAL/probes/unix/xinetd_probe.c:608
#3 0x564e304ba8e5 in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xinetd/test_probe_xinetd.c:40
#4 0x7f78bc42954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.8+0x4c87b) in __interceptor_strchr.part.0
==865597==ABORTING
ggbecker pushed a commit that referenced this pull request Apr 10, 2026
libxml2 does use <= when comparing nodeNr and 0. node line depends on node type, we need to use function to find it.
See: https://github.com/tenderlove/libxml2/blob/ecb5d5afdc8acceba608524f6e98c361fd2ce0e9/tree.c#L4507
253/265 Test: probes/xmlfilecontent/test_xmlfilecontent_probe.sh
Command: "/builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xmlfilecontent/test_xmlfilecontent_probe.sh"
Directory: /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/redhat-linux-build/tests/probes/xmlfilecontent
"probes/xmlfilecontent/test_xmlfilecontent_probe.sh" start time: Sep 04 20:13 EEST
Output:
----------------------------------------------------------
=================================================================
==866168==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6080003efd90 at pc 0x7fdbf2623c59 bp 0x7fdbe7ab8430 sp 0x7fdbe7ab8428
READ of size 2 at 0x6080003efd90 thread T8
#0 0x7fdbf2623c58 in process_file.isra.0 /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xmlfilecontent_probe.c:307
#1 0x7fdbf25dba5a in xmlfilecontent_probe_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xmlfilecontent_probe.c:397
#2 0x7fdbf25c2087 in probe_worker /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c:1114
#3 0x7fdbf25bc44f in probe_worker_runfn /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c:97
#4 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c)
#5 0x7fdbf21121af in clone3 (/lib64/libc.so.6+0x1121af)
0x6080003efd90 is located 16 bytes to the right of 96-byte region [0x6080003efd20,0x6080003efd80)
allocated by thread T8 here:
#0 0x7fdbf28ba68f in __interceptor_malloc (/lib64/libasan.so.8+0xba68f)
#1 0x7fdbf22cdb63 in xmlNewPropInternal.lto_priv.0 (/lib64/libxml2.so.2+0x57b63)
Thread T8 created by T7 here:
#0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6)
#1 0x7fdbf25bf673 in probe_input_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/input_handler.c:183
#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c)
Thread T7 created by T5 here:
#0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6)
#1 0x7fdbf25be1d0 in probe_common_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/probe_main.c:256
#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c)
Thread T5 created by T0 here:
#0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6)
#1 0x7fdbf253b6a0 in sch_queue_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/sch_queue.c:62
#2 0x7fdbf253b6a0 in SEAP_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/seap.c:116
#3 0x7fdbf253b6a0 in oval_probe_comm /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:443
#4 0x7fdbf2543e1d in oval_probe_ext_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:980
#5 0x7fdbf2543e1d in oval_probe_ext_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:858
#6 0x7fdbf2545af4 in oval_probe_query_object /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:156
#7 0x7fdbf255bf83 in oval_probe_query_test /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:257
#8 0x7fdbf255bf83 in _oval_result_test_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1031
#9 0x7fdbf255bf83 in oval_result_test_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1152
#10 0x7fdbf255c67f in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:367
#11 0x7fdbf255c67f in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390
#12 0x7fdbf255c61c in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:358
#13 0x7fdbf255c61c in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390
#14 0x7fdbf255c835 in oval_result_definition_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultDefinition.c:165
#15 0x7fdbf255cae8 in oval_result_system_eval_definition /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultSystem.c:373
#16 0x7fdbf2502951 in oval_agent_eval_system /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_agent.c:286
#17 0x7fdbf250ac0b in oval_session_evaluate /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_session.c:372
#18 0x55cf5fd8b858 in app_evaluate_oval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-oval.c:360
#19 0x55cf5fd94b86 in oscap_module_call /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:295
#20 0x55cf5fd94b86 in oscap_module_process /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:389
#21 0x55cf5fd81d4e in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap.c:88
#22 0x7fdbf202954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f)
SUMMARY: AddressSanitizer: heap-buffer-overflow /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xmlfilecontent_probe.c:307 in process_file.isra.0
==866168==ABORTING
ggbecker pushed a commit that referenced this pull request Apr 10, 2026
When there already exists a value under the given key in the
hash table, oscap_htable_add doesn't put the value to the hash table
and therefore the value isn't freed when the hash table is freed.
The caller of oscap_htable_add needs to check if oscap_htable_add
failed and in this situation is responsible for freeing the value.
Addressing:
oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_accounts_tmout /usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml
--- Starting Evaluation ---
Title Set Interactive Session Timeout
Rule xccdf_org.ssgproject.content_rule_accounts_tmout
Result fail
=================================================================
==85219==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 49 byte(s) in 1 object(s) allocated from:
#0 0x4a3198 in strdup (/home/jcerny/work/git/openscap/build/utils/oscap+0x4a3198) (BuildId: 329fd48580c8ee52863c16be406cb9d7c3df95db)
#1 0x7f090491f20c in oscap_strdup /home/jcerny/work/git/openscap/src/common/util.h:312:9
#2 0x7f090491e9dd in ds_sds_dump_component_ref_as /home/jcerny/work/git/openscap/src/DS/sds.c:510:26
#3 0x7f090491efce in ds_sds_dump_component_ref_as /home/jcerny/work/git/openscap/src/DS/sds.c:574:8
#4 0x7f090491f7d3 in ds_sds_dump_component_ref /home/jcerny/work/git/openscap/src/DS/sds.c:601:15
#5 0x7f0904917305 in ds_sds_session_register_component_with_dependencies /home/jcerny/work/git/openscap/src/DS/ds_sds_session.c:327:10
#6 0x7f0904a0493c in xccdf_session_load_cpe /home/jcerny/work/git/openscap/src/XCCDF/xccdf_session.c:921:8
#7 0x7f0904a03dc7 in xccdf_session_load /home/jcerny/work/git/openscap/src/XCCDF/xccdf_session.c:705:14
#8 0x53333f in app_evaluate_xccdf /home/jcerny/work/git/openscap/utils/oscap-xccdf.c:641:6
#9 0x52fedb in oscap_module_call /home/jcerny/work/git/openscap/utils/oscap-tool.c:295:10
#10 0x5307fb in oscap_module_process /home/jcerny/work/git/openscap/utils/oscap-tool.c:389:19
#11 0x53cee0 in main /home/jcerny/work/git/openscap/utils/oscap.c:88:15
#12 0x7f090390950f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) (BuildId: 81daba31ee66dbd63efdc4252a872949d874d136)
SUMMARY: AddressSanitizer: 49 byte(s) leaked in 1 allocation(s).
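The ownership rule in the commit message above, shown as an added example that is not OpenSCAP code: a table whose add refuses duplicate keys leaves the rejected value with the caller, who must free it. The names `toy_htable`, `toy_htable_add`, `dup_str` and `register_path`, and the sample keys and paths, are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#define TOY_SLOTS 8
/* Hypothetical toy table (not OpenSCAP's); it owns stored keys and values. */
struct toy_htable { char *keys[TOY_SLOTS]; void *values[TOY_SLOTS]; size_t used; };
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Returns false, without taking ownership of value, if key already exists. */
static bool toy_htable_add(struct toy_htable *t, const char *key, void *value)
{
    for (size_t i = 0; i < t->used; i++)
        if (strcmp(t->keys[i], key) == 0) return false;
    if (t->used == TOY_SLOTS) return false;
    if ((t->keys[t->used] = dup_str(key)) == NULL) return false;
    t->values[t->used++] = value;
    return true;
}

static void toy_htable_free(struct toy_htable *t)
{
    for (size_t i = 0; i < t->used; i++) { free(t->keys[i]); free(t->values[i]); }
    t->used = 0;
}

/* Caller pattern: a rejected value never entered the table, so freeing
 * the table will not release it; the caller frees it on failure. */
static bool register_path(struct toy_htable *t, const char *key, const char *path)
{
    char *copy = dup_str(path);
    if (copy == NULL || !toy_htable_add(t, key, copy)) {
        free(copy); /* omit this and the duplicate's copy is a direct leak */
        return false;
    }
    return true;
}

int main(void)
{
    struct toy_htable t = {0};
    register_path(&t, "cref_1", "/tmp/a.xml");  /* constructed sample values */
    register_path(&t, "cref_1", "/tmp/b.xml");  /* duplicate key: rejected */
    toy_htable_free(&t);
    return 0;
}
```

Building this with `-fsanitize=address` and deleting the `free(copy)` line reproduces the kind of "Direct leak" report quoted in the commit message.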
ggbecker pushed a commit that referenced this pull request Apr 10, 2026
Move the oscap_get_substring into the oscap_pcre.c module and rename it into oscap_pcre_get_substring. The function imposes implicit dependencies on PCRE/PCRE2 symbols even for utils.c users that won't use PCRE at all (SCE library).
No description provided.