Blame SOURCES/openscap-1.3.6-PR-1748-covscan.patch

f8d3e0
From 378ef5e438a2f5af7a50374d2bd23bdd3403201f Mon Sep 17 00:00:00 2001
f8d3e0
From: Evgeny Kolesnikov <ekolesni@redhat.com>
f8d3e0
Date: Tue, 4 May 2021 08:41:06 +0200
f8d3e0
Subject: [PATCH] Fix covscan-reported issues in yamlfilecontent probe and
f8d3e0
 schematron
f8d3e0
f8d3e0
Error: FORWARD_NULL (CWE-476): [#def1]
f8d3e0
/OVAL/probes/independent/yamlfilecontent_probe.c:392: var_compare_op: Comparing "yaml_file" to null implies that "yaml_file" might be null.
f8d3e0
/OVAL/probes/independent/yamlfilecontent_probe.c:417: var_deref_model: Passing null pointer "yaml_file" to "fclose", which dereferences it.
f8d3e0
#  416|   cleanup:
f8d3e0
#  417|-> 	fclose(yaml_file);
f8d3e0
#  418|   	yaml_parser_delete(&parser);
f8d3e0
f8d3e0
Error: RESOURCE_LEAK (CWE-772): [#def2] [important]
f8d3e0
/source/schematron.c:549: alloc_fn: Storage is returned from allocation function "xmlXPathNodeEval".
f8d3e0
/source/schematron.c:549: var_assign: Assigning: "component_refs" = storage returned from "xmlXPathNodeEval(data_stream_node, (xmlChar *)"ds:checklists/ds:component-ref", context)".
f8d3e0
/source/schematron.c:551: leaked_storage: Variable "component_refs" going out of scope leaks the storage it points to.
f8d3e0
#  550|   	if (component_refs == NULL || component_refs->nodesetval == NULL) {
f8d3e0
#  551|-> 		return res;
f8d3e0
#  552|   	}
f8d3e0
---
f8d3e0
 src/OVAL/probes/independent/yamlfilecontent_probe.c | 3 ++-
f8d3e0
 src/source/schematron.c                             | 2 ++
f8d3e0
 2 files changed, 4 insertions(+), 1 deletion(-)
f8d3e0
f8d3e0
diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
f8d3e0
index ed5ce0d68..62a8f4ff2 100644
f8d3e0
--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
f8d3e0
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
f8d3e0
@@ -414,7 +414,8 @@ static int process_yaml_file(const char *prefix, const char *path, const char *f
f8d3e0
 	}
f8d3e0
 
f8d3e0
 cleanup:
f8d3e0
-	fclose(yaml_file);
f8d3e0
+	if (yaml_file != NULL)
f8d3e0
+		fclose(yaml_file);
f8d3e0
 	yaml_parser_delete(&parser);
f8d3e0
 	free(filepath_with_prefix);
f8d3e0
 	free(filepath);
f8d3e0
diff --git a/src/source/schematron.c b/src/source/schematron.c
f8d3e0
index 6cb22658b..c32d5aed6 100644
f8d3e0
--- a/src/source/schematron.c
f8d3e0
+++ b/src/source/schematron.c
f8d3e0
@@ -548,6 +548,8 @@ static bool _req_src_346_1_sub1(xmlNodePtr data_stream_node, xmlXPathContextPtr
f8d3e0
 	/* every $m in ds:checklists/ds:component-ref satisfies ... */
f8d3e0
 	xmlXPathObjectPtr component_refs = xmlXPathNodeEval(data_stream_node, BAD_CAST "ds:checklists/ds:component-ref", context);
f8d3e0
 	if (component_refs == NULL || component_refs->nodesetval == NULL) {
f8d3e0
+		if (component_refs != NULL)
f8d3e0
+			xmlXPathFreeObject(component_refs);
f8d3e0
 		return res;
f8d3e0
 	}
f8d3e0
 	for (int i = 0; i < component_refs->nodesetval->nodeNr; i++) {