openscap/openscap-1.3.7-PR-1875-reset-errno-strtol.patch
Jan Černý 77b5330e9f Update OpenSCAP for RHEL 9.1
- Fix potential invalid scan results in OpenSCAP (rhbz#2109485)
- Remove oscap-remediate service (rhbz#2111358)

Resolves: rhbz#2109485
Resolves: rhbz#2111358
2022-07-27 12:59:07 +02:00

72 lines
2.9 KiB
Diff

From 55b09ba184c1803a5e1454c44e9e9a5c578dd741 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Mon, 25 Jul 2022 17:10:17 +0200
Subject: [PATCH] Reset errno before strtol
This sets errno to 0 before strotol calls after which the errno
is being checked.
Per man 3 strtol:
Since strtol() can legitimately return 0, LONG_MAX, or
LONG_MIN (LLONG_MAX or LLONG_MIN for strtoll()) on both success and
failure, the calling program should set errno to 0 before the call, and
then determine if an error occurred by checking whether errno has a
nonzero value after the call.
This is inspired by https://github.com/OpenSCAP/openscap/pull/1861.
---
src/OVAL/probes/independent/sql57_probe.c | 1 +
src/OVAL/probes/independent/sql_probe.c | 1 +
src/OVAL/probes/oval_fts.c | 1 +
src/OVAL/probes/unix/xinetd_probe.c | 1 +
4 files changed, 4 insertions(+)
diff --git a/src/OVAL/probes/independent/sql57_probe.c b/src/OVAL/probes/independent/sql57_probe.c
index ce1466635c..2b35750ee2 100644
--- a/src/OVAL/probes/independent/sql57_probe.c
+++ b/src/OVAL/probes/independent/sql57_probe.c
@@ -216,6 +216,7 @@ static int dbURIInfo_parse(dbURIInfo_t *info, const char *conn)
matchitem1(tok, 'c',
"onnecttimeout", tmp);
if (tmp != NULL) {
+ errno = 0;
info->conn_timeout = strtol(tmp, NULL, 10);
if (errno == ERANGE || errno == EINVAL)
diff --git a/src/OVAL/probes/independent/sql_probe.c b/src/OVAL/probes/independent/sql_probe.c
index 2ede89d031..71ba3c08c3 100644
--- a/src/OVAL/probes/independent/sql_probe.c
+++ b/src/OVAL/probes/independent/sql_probe.c
@@ -216,6 +216,7 @@ static int dbURIInfo_parse(dbURIInfo_t *info, const char *conn)
matchitem1(tok, 'c',
"onnecttimeout", tmp);
if (tmp != NULL) {
+ errno = 0;
info->conn_timeout = strtol(tmp, NULL, 10);
if (errno == ERANGE || errno == EINVAL)
diff --git a/src/OVAL/probes/oval_fts.c b/src/OVAL/probes/oval_fts.c
index 1364159c90..f9d0a0c1fd 100644
--- a/src/OVAL/probes/oval_fts.c
+++ b/src/OVAL/probes/oval_fts.c
@@ -729,6 +729,7 @@ OVAL_FTS *oval_fts_open_prefixed(const char *prefix, SEXP_t *path, SEXP_t *filen
/* max_depth */
PROBE_ENT_AREF(behaviors, r0, "max_depth", return NULL;);
SEXP_string_cstr_r(r0, cstr_buff, sizeof cstr_buff - 1);
+ errno = 0;
max_depth = strtol(cstr_buff, NULL, 10);
if (errno == EINVAL || errno == ERANGE) {
dE("Invalid value of the `%s' attribute: %s", "recurse_direction", cstr_buff);
diff --git a/src/OVAL/probes/unix/xinetd_probe.c b/src/OVAL/probes/unix/xinetd_probe.c
index b3375500db..703a07f513 100644
--- a/src/OVAL/probes/unix/xinetd_probe.c
+++ b/src/OVAL/probes/unix/xinetd_probe.c
@@ -1280,6 +1280,7 @@ int op_assign_bool(void *var, char *val)
*((bool *)(var)) = false;
} else {
char *endptr = NULL;
+ errno = 0;
*((bool *)(var)) = (bool) strtol (val, &endptr, 2);
if (errno == EINVAL || errno == ERANGE) {
return -1;