Bug 1474471 – openscap crashes when scanning system with invalid hostname

Bug 1474471 - openscap crashes when scanning system with invalid hostname

Summary:	openscap crashes when scanning system with invalid hostname

Status:	NEW

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	openscap (Show other bugs)
Sub Component:
Version:	7.4
Hardware:	Unspecified Unspecified

Priority	high Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Jan Černý
QA Contact:	BaseOS QE Security Team
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2017-07-24 13:33 EDT by Matus Marhefka
Modified:	2017-07-27 02:05 EDT (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Matus Marhefka 2017-07-24 13:33:20 EDT

Description of problem:
When scanning system with invalid host name, openscap crashes.


Version-Release number of selected component (if applicable):
openscap-1.2.14-2.el7


How reproducible:
always


Steps to Reproduce:
# sysctl kernel.hostname=test_test
# cd tests/API/XCCDF/applicability
# make check
# grep -i "openscap error" -A15 test_api_xccdf_applicability.log
OpenSCAP Error: File '/tmp/test_remediate_fix_processing_ds.arf.52XmYH' line 0: Element '{http://scap.nist.gov/schema/asset-identification/1.1}hostname': [facet 'pattern'] The value 'test_test' is not accepted by the pattern '[\w\-]+(\.[\w\-]+){0,}'.
 [xccdf_session.c:587]
File '/tmp/test_remediate_fix_processing_ds.arf.52XmYH' line 0: Element '{http://scap.nist.gov/schema/asset-identification/1.1}hostname': 'test_test' is not a valid value of the atomic type '{http://scap.nist.gov/schema/asset-identification/1.1}hostname-type'.
 [xccdf_session.c:587]
Invalid ARF Result Datastream (1.1) content in /tmp/test_remediate_fix_processing_ds.arf.52XmYH. [oscap_source.c:342]
D: lt-probe_system_info: Received signal 15 from 30428 (parent) [lt-probe_system_info(30466):signal_handler(7fc12d3e1700):signal_handler.c:100:probe_signal_handler]
D: lt-probe_file: Received signal 15 from 30428 (parent) [lt-probe_file(30486):signal_handler(7ff224917700):signal_handler.c:100:probe_signal_handler]
./test_remediate_fix_processing_ds.sh: line 23: 30428 Segmentation fault      $OSCAP xccdf eval --verbose DEVEL --remediate --results $resultx --results-arf $arf $sds

Note: I removed redirection of stderr to a separate file in test_remediate_fix_processing_ds.sh file.

Comment 1 Matus Marhefka 2017-07-25 08:48:30 EDT

List of tests which are segfaulting due to this bug:

tests/API/XCCDF/applicability/test_remediate_fix_processing_ds.sh
tests/API/XCCDF/unittests/test_xccdf_results_arf_no_oval.sh
tests/API/XCCDF/unittests/test_fix_script_header.sh
tests/API/XCCDF/unittests/test_fix_arf.sh
tests/bz2/test_bz2_datastream.sh
tests/DS/test_ds.sh

Note You need to log in before you can comment on or make changes to this bug.