Merge pull request #2286 from Mab879/fix_2285

jan-cerny · web-flow · commit 89692c6f2dbd · 2025-12-18T16:11:14.000+01:00
Fix segfault in error handling for cpe_item_parse
diff --git a/src/CPE/cpedict_priv.c b/src/CPE/cpedict_priv.c
@@ -736,9 +736,14 @@ struct cpe_item *cpe_item_parse(struct cpe_parser_ctx *ctx)
 			} else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_ITEM_METADATA_STR) == 0) {
 				data = (char *)xmlTextReaderGetAttribute(reader, ATTR_MODIFICATION_DATE_STR);
 				if ((data == NULL) || ((ret->metadata = cpe_item_metadata_new()) == NULL)) {
-					oscap_seterr(OSCAP_EFAMILY_OSCAP,
-							"Failed to parse item-metadata element within cpe-item/@name='%s'",
-							cpe_name_get_as_str(ret->name));
+					if (ret->name != NULL) {
+						oscap_seterr(OSCAP_EFAMILY_OSCAP,
+								"Failed to parse item-metadata element within cpe-item/@name='%s'",
+								cpe_name_get_as_str(ret->name));
+					} else {
+						oscap_seterr(OSCAP_EFAMILY_OSCAP,
+							"Failed to parse item-metadata element within cpe-item");
+					}
 					cpe_item_free(ret);
 					free(data);
 					return NULL;
diff --git a/tests/CPE/CMakeLists.txt b/tests/CPE/CMakeLists.txt
@@ -1 +1,2 @@
 add_oscap_test("all.sh")
+add_oscap_test("openscap_2285_regression.sh")
diff --git a/tests/CPE/openscap_2285_regression.sh b/tests/CPE/openscap_2285_regression.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+set -e -o pipefail
+
+. $builddir/tests/test_common.sh
+
+# oscap is expcted to fail here.
+# Turn off pipefail, run the cmd, the return code and return to safety. 
+set +e +o pipefail
+$OSCAP info "${top_srcdir}/tests/CPE/openscap_2285_regression.xml" 
+rc=$?
+set -e -o pipefail
+
+
+if [ "$rc" -eq 139 ]; then
+    echo "oscap seg-faulted (exit status 139)"
+    exit 1
+fi
+
+if [ "$rc" -eq 0 ]; then
+	echo "oscap did not error as expected"
+	exit 1
+fi
diff --git a/tests/CPE/openscap_2285_regression.xml b/tests/CPE/openscap_2285_regression.xml
@@ -0,0 +1,11 @@
+<?xml version='1.0' encoding='cp1250'?>
+<cpe-list xmlns="http://cpe.mit�e.org/dictionary/2.0" xmxsi="httce" xmlns:meta="0.2" xsiion="httd">
+<generator>
+<product_name>NaVD)</product_name>
+    <product_version>T)</product_version> <schema_version>2.1</schema_version>
+    <timestamp>200</timestamp> </generator>
+    <cpe-item nameerator="OR" n="cpe:/a:-com:3c15100d"> <title lang="en-US">�luk�</title>
+    <meta:item-metadata s="2044" />
+    </cpe-item>
+
+</cpe-list>

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`add_oscap_test("all.sh")`
	`2`	`+add_oscap_test("openscap_2285_regression.sh")`