From 378ef5e438a2f5af7a50374d2bd23bdd3403201f Mon Sep 17 00:00:00 2001 From: Evgeny Kolesnikov Date: Tue, 4 May 2021 08:41:06 +0200 Subject: [PATCH] Fix covscan-reported issues in yamlfilecontent probe and schematron Error: FORWARD_NULL (CWE-476): [#def1] /OVAL/probes/independent/yamlfilecontent_probe.c:392: var_compare_op: Comparing "yaml_file" to null implies that "yaml_file" might be null. /OVAL/probes/independent/yamlfilecontent_probe.c:417: var_deref_model: Passing null pointer "yaml_file" to "fclose", which dereferences it. # 416| cleanup: # 417|-> fclose(yaml_file); # 418| yaml_parser_delete(&parser); Error: RESOURCE_LEAK (CWE-772): [#def2] [important] /source/schematron.c:549: alloc_fn: Storage is returned from allocation function "xmlXPathNodeEval". /source/schematron.c:549: var_assign: Assigning: "component_refs" = storage returned from "xmlXPathNodeEval(data_stream_node, (xmlChar *)"ds:checklists/ds:component-ref", context)". /source/schematron.c:551: leaked_storage: Variable "component_refs" going out of scope leaks the storage it points to. # 550| if (component_refs == NULL || component_refs->nodesetval == NULL) { # 551|-> return res; # 552| } --- src/OVAL/probes/independent/yamlfilecontent_probe.c | 3 ++- src/source/schematron.c | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c index ed5ce0d68..62a8f4ff2 100644 --- a/src/OVAL/probes/independent/yamlfilecontent_probe.c +++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c @@ -414,7 +414,8 @@ static int process_yaml_file(const char *prefix, const char *path, const char *f } cleanup: - fclose(yaml_file); + if (yaml_file != NULL) + fclose(yaml_file); yaml_parser_delete(&parser); free(filepath_with_prefix); free(filepath); diff --git a/src/source/schematron.c b/src/source/schematron.c index 6cb22658b..c32d5aed6 100644 --- a/src/source/schematron.c +++ b/src/source/schematron.c @@ -548,6 +548,8 @@ static bool _req_src_346_1_sub1(xmlNodePtr data_stream_node, xmlXPathContextPtr /* every $m in ds:checklists/ds:component-ref satisfies ... */ xmlXPathObjectPtr component_refs = xmlXPathNodeEval(data_stream_node, BAD_CAST "ds:checklists/ds:component-ref", context); if (component_refs == NULL || component_refs->nodesetval == NULL) { + if (component_refs != NULL) + xmlXPathFreeObject(component_refs); return res; } for (int i = 0; i < component_refs->nodesetval->nodeNr; i++) {