-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Partition probe broken with PCRE2 #2026
Labels
Milestone
Comments
We should try and reproduce the problem in OpenSCAP upstream unit tests on top of fixing the problem. Good catch! |
jan-cerny
added a commit
to jan-cerny/openscap
that referenced
this issue
Sep 8, 2023
The pcre_exec function can return a positive number or zero, zero is returned if the buffer isn't large enough. Therefore, we should allow also positive number return code. The commit also extends the test to cover the bug situation. Fixes: OpenSCAP#2026
jan-cerny
added a commit
to jan-cerny/openscap
that referenced
this issue
Sep 8, 2023
The pcre_exec function can return a positive number or zero, zero is returned if the buffer isn't large enough. Therefore, we should allow also positive number return code. The commit also extends the test to cover the bug situation. Fixes: OpenSCAP#2026
cschuber
pushed a commit
to cschuber/openscap
that referenced
this issue
Feb 1, 2024
The pcre_exec function can return a positive number or zero, zero is returned if the buffer isn't large enough. Therefore, we should allow also positive number return code. The commit also extends the test to cover the bug situation. Fixes: OpenSCAP#2026
cschuber
pushed a commit
to cschuber/openscap
that referenced
this issue
Feb 1, 2024
The pcre_exec function can return a positive number or zero, zero is returned if the buffer isn't large enough. Therefore, we should allow also positive number return code. The commit also extends the test to cover the bug situation. Fixes: OpenSCAP#2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of Problem:
When OpenSCAP is built with PCRE2, the partition probe doesn't evaluate properly OVAL partition objects that contain a regular expression pattern.
This breaks rule
audit_rules_privileged_commands
from scap-security-guide-0.1.69.OpenSCAP Version:
current upstream maint-1.3 branch as of HEAD 9b3e756
Operating System & Version:
Fedora 38
Steps to Reproduce:
Reproducer OVAL: reproducer.zip
Actual Results:
Definition
oval:x:def:1
is evaluated asfalse
, the XML results shows that the object doesn't exist.Expected Results:
Behavior should be the same as when built with PCRE1. Specifically, definition
oval:x:def:1
is evaluated astrue
, the XML results contains many items matching the partition object.Additional Information / Debugging Steps:
This patch seems to fix the problem:
Additionally, you can discover this by running Automatus test scenarios for the rule audit_rules_privileged_commands on a VM back end where the VM contains a custom build of OpenSCAP with the PCRE2.
The text was updated successfully, but these errors were encountered: