From 132cabf1576c49dfb57ac7d83fb4a1121f85b447 Mon Sep 17 00:00:00 2001
From: Packit
Date: Sep 07 2020 11:51:42 +0000
Subject: Apply patch openscap-1.3.4-fix-no-more-recursion.patch
patch_name: openscap-1.3.4-fix-no-more-recursion.patch
present_in_specfile: true
---
diff --git a/docs/developer/developer.adoc b/docs/developer/developer.adoc
index 823a150..0f01ace 100644
--- a/docs/developer/developer.adoc
+++ b/docs/developer/developer.adoc
@@ -152,7 +152,7 @@ After building the library you might want to run library self-checks. To do that you need to have these additional packages installed:
 ----
-wget lua which procps-ng initscripts chkconfig sendmail bzip2 rpm-build
+wget lua which procps-ng initscripts chkconfig sendmail bzip2 rpm-build strace
 ----
 On Ubuntu 18.04, also install:
diff --git a/src/OVAL/probes/oval_fts.c b/src/OVAL/probes/oval_fts.c
index 6969979..2b7314c 100644
--- a/src/OVAL/probes/oval_fts.c
+++ b/src/OVAL/probes/oval_fts.c
@@ -1029,6 +1029,15 @@ static FTSENT *oval_fts_read_match_path(OVAL_FTS *ofts)
 if (ores == OVAL_RESULT_TRUE)
 break;
+ if (ofts->ofts_path_op == OVAL_OPERATION_EQUALS) {
+ /* At this point the comparison result isn't OVAL_RESULT_TRUE. Since
+ we passed the exact path (from filepath or path elements) to
+ fts_open() we surely know that we can't find other items that would
+ be equal. Therefore we can terminate the matching. This can happen
+ if the filepath or path element references a variable that has
+ multiple different values. */
+ return NULL;
+ }
 } /* for (;;) */
 /*
diff --git a/tests/probes/file/CMakeLists.txt b/tests/probes/file/CMakeLists.txt
index 1271860..35b4c11 100644
--- a/tests/probes/file/CMakeLists.txt
+++ b/tests/probes/file/CMakeLists.txt
@@ -1,3 +1,4 @@
 if(ENABLE_PROBES_UNIX)
 add_oscap_test("test_probes_file.sh")
+ add_oscap_test("test_probes_file_multiple_file_paths.sh")
 endif()
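Review bot: The new early return in oval_fts_read_match_path (src/OVAL/probes/oval_fts.c) fires for every `ores` other than `OVAL_RESULT_TRUE`, so with `OVAL_OPERATION_EQUALS` a comparison that ended in an error is handled exactly like a clean mismatch and the traversal stops with no trace in the scan log. For a compliance scanner that difference matters when someone later audits why a file check collected nothing; a debug line before `return NULL;`, for example `dD("equals path did not match (result %d), stopping traversal", ores);` if the file's debug macro is in scope here, would keep it diagnosable. The comment's premise that the exact path was handed to fts_open() is established outside this hunk, as are the start of the `for (;;)` loop and whatever the caller does on NULL, so those are worth confirming against the full function.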
diff --git a/tests/probes/file/test_probes_file_multiple_file_paths.sh b/tests/probes/file/test_probes_file_multiple_file_paths.sh
new file mode 100755
index 0000000..1cececb
--- /dev/null
+++ b/tests/probes/file/test_probes_file_multiple_file_paths.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -e -o pipefail
+
+. $builddir/tests/test_common.sh
+
+probecheck "file" || exit 255
+which strace || exit 255
+
+function check_strace_output {
+ strace_log="$1"
+ grep -q "/tmp/numbers/1" $strace_log && return 1
+ grep -q "/tmp/numbers/1/2" $strace_log && return 1
+ grep -q "/tmp/numbers/1/2/3" $strace_log && return 1
+ grep -q "/tmp/numbers/1/2/3/4" $strace_log && return 1
+ grep -q "/tmp/numbers/1/2/3/4/5" $strace_log && return 1
+ grep -q "/tmp/numbers/1/2/3/4/5/6" $strace_log && return 1
+ grep -q "/tmp/letters/a" $strace_log && return 1
+ grep -q "/tmp/letters/a/b" $strace_log && return 1
+ grep -q "/tmp/letters/a/b/c" $strace_log && return 1
+ grep -q "/tmp/letters/a/b/c/d" $strace_log && return 1
+ grep -q "/tmp/letters/a/b/c/d/e" $strace_log && return 1
+ grep -q "/tmp/letters/a/b/c/d/e/f" $strace_log && return 1
+ return 0
+}
+
+rm -rf /tmp/numbers
+mkdir -p /tmp/numbers/1/2/3/4/5/6
+rm -rf /tmp/letters
+mkdir -p /tmp/letters/a/b/c/d/e/f
+strace_log=$(mktemp)
+strace -f -e openat -o $strace_log $OSCAP oval eval --results results.xml "$srcdir/test_probes_file_multiple_file_paths.xml"
+ret=0
+check_strace_output $strace_log || ret=$?
+rm -f $strace_log
+rm -f results.xml
+rm -rf /tmp/numbers
+rm -rf /tmp/letters
+exit $ret
diff --git a/tests/probes/file/test_probes_file_multiple_file_paths.xml b/tests/probes/file/test_probes_file_multiple_file_paths.xml
new file mode 100644
index 0000000..893a3fe
--- /dev/null
+++ b/tests/probes/file/test_probes_file_multiple_file_paths.xml
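Review bot: Cleanup in test_probes_file_multiple_file_paths.sh runs only on the success path: with `set -e -o pipefail`, a non-zero exit from the `strace ... $OSCAP oval eval` line ends the script before the `rm` lines, leaving `/tmp/numbers`, `/tmp/letters`, the mktemp log and `results.xml` behind. Registering the cleanup right after `strace_log=$(mktemp)` avoids that: `trap 'rm -rf /tmp/numbers /tmp/letters "$strace_log" results.xml' EXIT`. The fixed names under world-writable `/tmp` are also shared with every other user and job on the build host, and `rm -rf`/`mkdir -p` act on whatever already exists there; the XML fixture hard-codes both paths, so moving them under a `mktemp -d` directory would require generating the fixture per run. `$strace_log` and `$OSCAP` are unquoted throughout, and the first pattern of each group in `check_strace_output` (`/tmp/numbers/1`, `/tmp/letters/a`) already matches every longer one, so the remaining ten greps add nothing.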
@@ -0,0 +1,42 @@ + + + + 5.10 + 0001-01-01T00:00:00+00:00 + + + + + + Specify a file path using variable with two values + x + + multi_platform_all + + + + + + + + + + + + + + + + + + + + + + + + /tmp/numbers + /tmp/letters + + +