Bug 1474471 - openscap crashes when scanning system with invalid hostname
openscap crashes when scanning system with invalid hostname
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openscap (Show other bugs)
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Jan Černý
BaseOS QE Security Team
Depends On:
  Show dependency treegraph
Reported: 2017-07-24 13:33 EDT by Matus Marhefka
Modified: 2017-07-27 02:05 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matus Marhefka 2017-07-24 13:33:20 EDT
Description of problem:
When scanning system with invalid host name, openscap crashes.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
# sysctl kernel.hostname=test_test
# cd tests/API/XCCDF/applicability
# make check
# grep -i "openscap error" -A15 test_api_xccdf_applicability.log
OpenSCAP Error: File '/tmp/test_remediate_fix_processing_ds.arf.52XmYH' line 0: Element '{http://scap.nist.gov/schema/asset-identification/1.1}hostname': [facet 'pattern'] The value 'test_test' is not accepted by the pattern '[\w\-]+(\.[\w\-]+){0,}'.
File '/tmp/test_remediate_fix_processing_ds.arf.52XmYH' line 0: Element '{http://scap.nist.gov/schema/asset-identification/1.1}hostname': 'test_test' is not a valid value of the atomic type '{http://scap.nist.gov/schema/asset-identification/1.1}hostname-type'.
Invalid ARF Result Datastream (1.1) content in /tmp/test_remediate_fix_processing_ds.arf.52XmYH. [oscap_source.c:342]
D: lt-probe_system_info: Received signal 15 from 30428 (parent) [lt-probe_system_info(30466):signal_handler(7fc12d3e1700):signal_handler.c:100:probe_signal_handler]
D: lt-probe_file: Received signal 15 from 30428 (parent) [lt-probe_file(30486):signal_handler(7ff224917700):signal_handler.c:100:probe_signal_handler]
./test_remediate_fix_processing_ds.sh: line 23: 30428 Segmentation fault      $OSCAP xccdf eval --verbose DEVEL --remediate --results $resultx --results-arf $arf $sds

Note: I removed redirection of stderr to a separate file in test_remediate_fix_processing_ds.sh file.
Comment 1 Matus Marhefka 2017-07-25 08:48:30 EDT
List of tests which are segfaulting due to this bug:


Note You need to log in before you can comment on or make changes to this bug.