openscap icon indicating copy to clipboard operation
openscap copied to clipboard
verified publisher icon OpenSCAP

malloc failure is not handled

Open mshingote opened this issue 2 years ago • 2 comments

Ref code: https://github.com/OpenSCAP/openscap/blob/maint-1.3/src/OVAL/probes/independent/textfilecontent_probe.c#L164

mshingote avatar Jul 25 '23 12:07 mshingote

There are dozens of calls to malloc that are not checked that it's scary in a "security scanner" tool.

ricardobranco777 avatar Mar 26 '24 22:03 ricardobranco777

Patches are welcome.

Keep in mind, though, that textfilecontent test is deprecated and has been replaced with textfilecontent54 like a decade ago.

evgenyz avatar Mar 27 '24 00:03 evgenyz

Where is was completed? There are still unchecked calls to malloc.

ricardobranco777 avatar Jul 17 '24 12:07 ricardobranco777

If for some reason in a contemporary Linux you can't "allocate" memory (allocator returns NULL) for the name of a file you're pretty much screwed anyways. Also, the probe is deprecated.

I'll happily review the PR, tho.

evgenyz avatar Jul 17 '24 12:07 evgenyz