Fix various issues reported by Coverity

0intro · 0intro · commit cb8d27d0507b · 2023-10-25T11:34:26.000+02:00
- oval_sexp_to_sysitem: null pointer derefrence
 - probe_worker: insecure chroot
 - inetlisteningservers_probe_main: uninitialized memory
 - rpmverifypackage_additem: invalid type in argument to printf format specifier
diff --git a/src/OVAL/oval_sexp.c b/src/OVAL/oval_sexp.c
@@ -965,6 +965,8 @@ static struct oval_sysitem *oval_sexp_to_sysitem(struct oval_syschar_model *mode
         } else {
 		family = item_name;
 		char *endptr = strchr(family, ':');
+		if (endptr == NULL)
+			goto cleanup;
 		*endptr = '\0';
 		name = endptr + 1;
 		endptr = strrchr(name, '_');
diff --git a/src/OVAL/probes/probe/worker.c b/src/OVAL/probes/probe/worker.c
@@ -1021,13 +1021,13 @@ SEXP_t *probe_worker(probe_t *probe, SEAP_msg_t *msg_in, int *ret)
 				dE("open(\".\") failed: %s", strerror(errno));
 				return NULL;
 			}
-			if (chdir(rootdir) != 0) {
-				dE("chdir failed: %s", strerror(errno));
-			}
 
 			if (chroot(rootdir) != 0) {
 				dE("chroot failed: %s", strerror(errno));
 			}
+			if (chdir("/") != 0) {
+				dE("chdir failed: %s", strerror(errno));
+			}
 			/* NOTE: We're running in a different root directory.
 			 * Unless /proc, /sys are somehow emulated for the new
 			 * environment, they are not relevant and so are other
diff --git a/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c b/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c
@@ -559,6 +559,10 @@ int inetlisteningservers_probe_main(probe_ctx *ctx, void *arg)
 
         object = probe_ctx_getobject(ctx);
 	struct server_info *req = malloc(sizeof(struct server_info));
+	if (req == NULL)
+		return 0;
+	memset(req, 0, sizeof(*req));
+
 	req->protocol_ent = probe_obj_getent(object, "protocol", 1);
 	if (req->protocol_ent == NULL) {
 		err = PROBE_ENOVAL;
diff --git a/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c b/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c
@@ -428,7 +428,7 @@ static int rpmverifypackage_additem(probe_ctx *ctx, struct rpmverify_res *res)
 		SEXP_free(value);
 	}
 	if (res->vflags & VERIFY_SCRIPT) {
-		dD("VERIFY_SCRIPT %d", res->vresults & VERIFY_SCRIPT);
+		dD("VERIFY_SCRIPT %lu", res->vresults & VERIFY_SCRIPT);
 		value = probe_entval_from_cstr(OVAL_DATATYPE_BOOLEAN, (res->vresults & VERIFY_SCRIPT ? "1" : "0"), 1);
 		probe_item_ent_add(item, "verification_script_successful", NULL, value);
 		SEXP_free(value);

Original file line number	Diff line number	Diff line change
`@@ -428,7 +428,7 @@ static int rpmverifypackage_additem(probe_ctx ctx, struct rpmverify_res res)`
`428`	`428`	`SEXP_free(value);`
`429`	`429`	`}`
`430`	`430`	`if (res->vflags & VERIFY_SCRIPT) {`
`431`		`- dD("VERIFY_SCRIPT %d", res->vresults & VERIFY_SCRIPT);`
	`431`	`+ dD("VERIFY_SCRIPT %lu", res->vresults & VERIFY_SCRIPT);`
`432`	`432`	`value = probe_entval_from_cstr(OVAL_DATATYPE_BOOLEAN, (res->vresults & VERIFY_SCRIPT ? "1" : "0"), 1);`
`433`	`433`	`probe_item_ent_add(item, "verification_script_successful", NULL, value);`
`434`	`434`	`SEXP_free(value);`