Bug 1474471 - openscap crashes when scanning system with invalid hostname
openscap crashes when scanning system with invalid hostname
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openscap (Show other bugs)
7.4
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Jan Černý
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-24 13:33 EDT by Matus Marhefka
Modified: 2017-07-27 02:05 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matus Marhefka 2017-07-24 13:33:20 EDT
Description of problem:
When scanning system with invalid host name, openscap crashes.


Version-Release number of selected component (if applicable):
openscap-1.2.14-2.el7


How reproducible:
always


Steps to Reproduce:
# sysctl kernel.hostname=test_test
# cd tests/API/XCCDF/applicability
# make check
# grep -i "openscap error" -A15 test_api_xccdf_applicability.log
OpenSCAP Error: File '/tmp/test_remediate_fix_processing_ds.arf.52XmYH' line 0: Element '{http://scap.nist.gov/schema/asset-identification/1.1}hostname': [facet 'pattern'] The value 'test_test' is not accepted by the pattern '[\w\-]+(\.[\w\-]+){0,}'.
 [xccdf_session.c:587]
File '/tmp/test_remediate_fix_processing_ds.arf.52XmYH' line 0: Element '{http://scap.nist.gov/schema/asset-identification/1.1}hostname': 'test_test' is not a valid value of the atomic type '{http://scap.nist.gov/schema/asset-identification/1.1}hostname-type'.
 [xccdf_session.c:587]
Invalid ARF Result Datastream (1.1) content in /tmp/test_remediate_fix_processing_ds.arf.52XmYH. [oscap_source.c:342]
D: lt-probe_system_info: Received signal 15 from 30428 (parent) [lt-probe_system_info(30466):signal_handler(7fc12d3e1700):signal_handler.c:100:probe_signal_handler]
D: lt-probe_file: Received signal 15 from 30428 (parent) [lt-probe_file(30486):signal_handler(7ff224917700):signal_handler.c:100:probe_signal_handler]
./test_remediate_fix_processing_ds.sh: line 23: 30428 Segmentation fault      $OSCAP xccdf eval --verbose DEVEL --remediate --results $resultx --results-arf $arf $sds

Note: I removed redirection of stderr to a separate file in test_remediate_fix_processing_ds.sh file.
Comment 1 Matus Marhefka 2017-07-25 08:48:30 EDT
List of tests which are segfaulting due to this bug:

tests/API/XCCDF/applicability/test_remediate_fix_processing_ds.sh
tests/API/XCCDF/unittests/test_xccdf_results_arf_no_oval.sh
tests/API/XCCDF/unittests/test_fix_script_header.sh
tests/API/XCCDF/unittests/test_fix_arf.sh
tests/bz2/test_bz2_datastream.sh
tests/DS/test_ds.sh

Note You need to log in before you can comment on or make changes to this bug.