Merge pull request #2291 from Mab879/fix_2289

Fix null ptr deref in xccdf_benchmark_parse

Author: jan-cerny

src/XCCDF/benchmark.c

@@ -166,7 +166,7 @@ bool xccdf_benchmark_parse(struct xccdf_item * benchmark, xmlTextReaderPtr reade
 			parsed_model = xccdf_model_new_xml(reader);
 
 			// we won't add the implied default scoring model, it is already in the benchmark
-			if (strcmp(xccdf_model_get_system(parsed_model), "urn:xccdf:scoring:default") != 0)
+			if (oscap_strcmp(xccdf_model_get_system(parsed_model), "urn:xccdf:scoring:default") != 0)
 				xccdf_benchmark_add_model(XBENCHMARK(benchmark), parsed_model);
 			else
 				xccdf_model_free(parsed_model);

tests/API/XCCDF/unittests/CMakeLists.txt

@@ -114,3 +114,4 @@ add_oscap_test("test_no_newline_between_select_elements.sh")
 add_oscap_test("test_single_line_tailoring.sh")
 add_oscap_test("test_reference.sh")
 add_oscap_test("test_remediation_bootc.sh")
+add_oscap_test("openscap_2289_regression.sh")

tests/API/XCCDF/unittests/openscap_2289_regression.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e -o pipefail
+
+. $builddir/tests/test_common.sh
+
+$OSCAP info "$top_srcdir/tests/API/XCCDF/unittests/openscap_2289_regression.xml"

tests/API/XCCDF/unittests/openscap_2289_regression.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xsi="htnce" id="RHEL-6" xsiion="httd" resolved="0" xml:lang="en-US">
+  <status date="2011-12-08">draft</status>
+  <title xmng="S">Ss</title>
+  <description xmlg="e">Oprt</description>
+  <version>0.1</version>
+  <model sysNem="urn:xccdf:scoring:default"/>
+  <model system="urnlat"/>
+  <Group id="bash-passer" hidden="false"> <title lang="en-US">CheAL</title>
+    <description >Be </description>
+    <Rule id="rule-1000" selected="true" weight="0">
+  <title xmlg="e">TE)</title>
+  <check system="h5">
+<check-content-ref href="../l" name="ova1"/>   </check>
+</Rule>
+  </Group>
+</Benchmark>