Fix situation of missing colon in the --reference option

Instead of a segfault we will produce an error message.

Author: jan-cerny

src/XCCDF_POLICY/xccdf_policy.c

@@ -2309,13 +2309,17 @@ void xccdf_policy_set_reference_filter(struct xccdf_policy *policy, const char *
 	const char *uri = _find_reference_uri_by_key(benchmark, key);
 	if (!uri) {
 		oscap_seterr(OSCAP_EFAMILY_OSCAP, "Reference type '%s' isn't available in this benchmark", key);
-		free(reference_parameter_dup);
-		free(split);
-		return;
+		goto cleanup;
+	}
+	char *title = split[1];
+	if (!title) {
+		oscap_seterr(OSCAP_EFAMILY_OSCAP, "Reference identifier hasn't been provided");
+		goto cleanup;
 	}
 	policy->reference_filter.active = true;
 	policy->reference_filter.href = strdup(uri);
-	policy->reference_filter.title = strdup(split[1]);
+	policy->reference_filter.title = strdup(title);
+cleanup:
 	free(split);
 	free(reference_parameter_dup);
 }

tests/API/XCCDF/unittests/test_reference.sh

@@ -95,3 +95,10 @@ assert_exists 1 "//rule-result[@idref=\"$r3\"]/result[text()=\"pass\"]"
 assert_exists 1 "//rule-result[@idref=\"$r4\"]/result[text()=\"pass\"]"
 :> $stdout
 :> $result
+
+# Tests that when a wrong '--reference' option with a valid name but missing
+# identifier is provided OpenSCAP prints an errror message.
+$OSCAP xccdf eval --results $result --profile $p1 --reference "animals" $ds > $stdout 2> $stderr || [[ $? -eq 1 ]]
+grep -q "The --reference argument needs to be in form NAME:IDENTIFIER, using a colon as a separator." $stderr
+:> $stdout
+:> $result

utils/oscap-xccdf.c

@@ -637,10 +637,14 @@ int app_evaluate_xccdf(const struct oscap_action *action)
 		const char *rid = oscap_string_iterator_next(sit);
 		xccdf_session_skip_rule(session, rid);
 	}
+	oscap_string_iterator_free(sit);
 	if (action->reference) {
+		if (strchr(action->reference, ':') == NULL) {
+			fprintf(stderr, "The --reference argument needs to be in form NAME:IDENTIFIER, using a colon as a separator.\n");
+			goto cleanup;
+		}
 		xccdf_session_set_reference_filter(session, action->reference);
 	}
-	oscap_string_iterator_free(sit);
 
 	if (xccdf_session_load(session) != 0)
 		goto cleanup;