Bug 1812476
| Summary: | evaluating OVALs with circular dependencies between definitions causes segfault | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Vojtech Polasek <vpolasek> |
| Component: | openscap | Assignee: | Jan Černý <jcerny> |
| Status: | CLOSED ERRATA | QA Contact: | Matus Marhefka <mmarhefk> |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | 8.2 | CC: | ekolesni, matyc, mhaicman |
| Target Milestone: | rc | Flags: | pm-rhel: mirror+ |
| Target Release: | 8.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | openscap-1.3.4-1.el8 | Doc Type: | No Doc Update |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-05-18 15:29:12 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

The issue is caused by infinite recursion where extend_definition references itself in the OVAL. This causes openscap to eventually reach the stack limit per process (ulimit -s), and it is killed by the kernel. Anyway, openscap should not segfault in any case, so this needs to be fixed (e.g. by adding a limit for the extend_definition).

Fixed upstream in https://github.com/OpenSCAP/openscap/pull/1610.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (openscap bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1784

Created attachment 1669263: The end of backtrace for endless recursion

To get the backtrace it is better to decrease the stack size, for example with `ulimit -s 128`, so the backtrace is not so long.
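
A pre-evaluation check for the circular extend_definition references described in this report, as an added example that is not part of the bug report or of openscap's code: it builds the definition graph of an OVAL document and returns one cycle if any exists. The sample OVAL document, its ids, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: def:1 extends def:2, which extends def:1 again.
SAMPLE_OVAL = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 <definitions>
  <definition id="oval:x:def:1" class="compliance" version="1">
   <criteria><extend_definition definition_ref="oval:x:def:2"/></criteria>
  </definition>
  <definition id="oval:x:def:2" class="compliance" version="1">
   <criteria><extend_definition definition_ref="oval:x:def:1"/></criteria>
  </definition>
 </definitions>
</oval_definitions>"""

def local(tag):
    """Strip the XML namespace so only the element's local name is compared."""
    return tag.rsplit("}", 1)[-1]

def extend_graph(xml_text):
    """Map each definition id to the ids it pulls in via extend_definition."""
    graph = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "definition" and el.get("id"):
            graph[el.get("id")] = [e.get("definition_ref") for e in el.iter()
                                   if local(e.tag) == "extend_definition"
                                   and e.get("definition_ref")]
    return graph

def find_cycle(graph):
    """Iterative DFS (no recursion); returns one cycle as a list of ids, or None."""
    state = {}                          # id -> "open" (on current path) or "done"
    for start in graph:
        if start in state:
            continue
        path, stack = [start], [iter(graph[start])]
        state[start] = "open"
        while stack:
            nxt = next(stack[-1], None)
            if nxt is None:             # every reference of this node was checked
                stack.pop()
                state[path.pop()] = "done"
            elif state.get(nxt) == "open":   # back edge: circular dependency
                return path[path.index(nxt):] + [nxt]
            elif nxt in graph and nxt not in state:
                path.append(nxt)
                state[nxt] = "open"
                stack.append(iter(graph[nxt]))
    return None
```

`find_cycle(extend_graph(SAMPLE_OVAL))` returns the offending chain of definition ids, so content can be rejected before it is handed to an evaluator.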