|
|
f8d3e0 |
From 378ef5e438a2f5af7a50374d2bd23bdd3403201f Mon Sep 17 00:00:00 2001
|
|
|
f8d3e0 |
From: Evgeny Kolesnikov <ekolesni@redhat.com>
|
|
|
f8d3e0 |
Date: Tue, 4 May 2021 08:41:06 +0200
|
|
|
f8d3e0 |
Subject: [PATCH] Fix covscan-reported issues in yamlfilecontent probe and
|
|
|
f8d3e0 |
schematron
|
|
|
f8d3e0 |
|
|
|
f8d3e0 |
Error: FORWARD_NULL (CWE-476): [#def1]
|
|
|
f8d3e0 |
/OVAL/probes/independent/yamlfilecontent_probe.c:392: var_compare_op: Comparing "yaml_file" to null implies that "yaml_file" might be null.
|
|
|
f8d3e0 |
/OVAL/probes/independent/yamlfilecontent_probe.c:417: var_deref_model: Passing null pointer "yaml_file" to "fclose", which dereferences it.
|
|
|
f8d3e0 |
# 416| cleanup:
|
|
|
f8d3e0 |
# 417|-> fclose(yaml_file);
|
|
|
f8d3e0 |
# 418| yaml_parser_delete(&parser);
|
|
|
f8d3e0 |
|
|
|
f8d3e0 |
Error: RESOURCE_LEAK (CWE-772): [#def2] [important]
|
|
|
f8d3e0 |
/source/schematron.c:549: alloc_fn: Storage is returned from allocation function "xmlXPathNodeEval".
|
|
|
f8d3e0 |
/source/schematron.c:549: var_assign: Assigning: "component_refs" = storage returned from "xmlXPathNodeEval(data_stream_node, (xmlChar *)"ds:checklists/ds:component-ref", context)".
|
|
|
f8d3e0 |
/source/schematron.c:551: leaked_storage: Variable "component_refs" going out of scope leaks the storage it points to.
|
|
|
f8d3e0 |
# 550| if (component_refs == NULL || component_refs->nodesetval == NULL) {
|
|
|
f8d3e0 |
# 551|-> return res;
|
|
|
f8d3e0 |
# 552| }
|
|
|
f8d3e0 |
---
|
|
|
f8d3e0 |
src/OVAL/probes/independent/yamlfilecontent_probe.c | 3 ++-
|
|
|
f8d3e0 |
src/source/schematron.c | 2 ++
|
|
|
f8d3e0 |
2 files changed, 4 insertions(+), 1 deletion(-)
|
|
|
f8d3e0 |
|
|
|
f8d3e0 |
diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
|
|
|
f8d3e0 |
index ed5ce0d68..62a8f4ff2 100644
|
|
|
f8d3e0 |
--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
|
|
|
f8d3e0 |
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
|
|
|
f8d3e0 |
@@ -414,7 +414,8 @@ static int process_yaml_file(const char *prefix, const char *path, const char *f
|
|
|
f8d3e0 |
}
|
|
|
f8d3e0 |
|
|
|
f8d3e0 |
cleanup:
|
|
|
f8d3e0 |
- fclose(yaml_file);
|
|
|
f8d3e0 |
+ if (yaml_file != NULL)
|
|
|
f8d3e0 |
+ fclose(yaml_file);
|
|
|
f8d3e0 |
yaml_parser_delete(&parser);
|
|
|
f8d3e0 |
free(filepath_with_prefix);
|
|
|
f8d3e0 |
free(filepath);
|
|
|
f8d3e0 |
diff --git a/src/source/schematron.c b/src/source/schematron.c
|
|
|
f8d3e0 |
index 6cb22658b..c32d5aed6 100644
|
|
|
f8d3e0 |
--- a/src/source/schematron.c
|
|
|
f8d3e0 |
+++ b/src/source/schematron.c
|
|
|
f8d3e0 |
@@ -548,6 +548,8 @@ static bool _req_src_346_1_sub1(xmlNodePtr data_stream_node, xmlXPathContextPtr
|
|
|
f8d3e0 |
/* every $m in ds:checklists/ds:component-ref satisfies ... */
|
|
|
f8d3e0 |
xmlXPathObjectPtr component_refs = xmlXPathNodeEval(data_stream_node, BAD_CAST "ds:checklists/ds:component-ref", context);
|
|
|
f8d3e0 |
if (component_refs == NULL || component_refs->nodesetval == NULL) {
|
|
|
f8d3e0 |
+ if (component_refs != NULL)
|
|
|
f8d3e0 |
+ xmlXPathFreeObject(component_refs);
|
|
|
f8d3e0 |
return res;
|
|
|
f8d3e0 |
}
|
|
|
f8d3e0 |
for (int i = 0; i < component_refs->nodesetval->nodeNr; i++) {
|