Merge pull request #2007 from evgenyz/fix-coverity-1.3.8

Fix coverity 1.3.8
OpenSCAP · Jul 21, 2023 · 0862f59 · 0862f59
2 parents 1347831 + 6256a25
commit 0862f59
Show file tree

Hide file tree

Showing 8 changed files with 256 additions and 183 deletions.
diff --git a/src/OVAL/probes/unix/linux/CMakeLists.txt b/src/OVAL/probes/unix/linux/CMakeLists.txt
@@ -92,6 +92,8 @@ endif()
 if(OPENSCAP_PROBE_LINUX_SYSTEMDUNITDEPENDENCY OR OPENSCAP_PROBE_LINUX_SYSTEMDUNITPROPERTY)
 	list(APPEND LINUX_PROBES_SOURCES
 		"systemdshared.h"
+		"oval_dbus.c"
+		"oval_dbus.h"
 	)
 	list(APPEND LINUX_PROBES_INCLUDE_DIRECTORIES
 		${DBUS_INCLUDE_DIRS}
@@ -113,10 +115,17 @@ if(OPENSCAP_PROBE_LINUX_SYSTEMDUNITPROPERTY)
 endif()
 
 if(OPENSCAP_PROBE_LINUX_FWUPDSECURITYATTR)
+	list(APPEND LINUX_PROBES_SOURCES
+		"oval_dbus.c"
+		"oval_dbus.h"
+	)
 	list(APPEND LINUX_PROBES_SOURCES
 		"fwupdsecattr_probe.c"
 		"fwupdsecattr_probe.h"
 	)
+	list(APPEND LINUX_PROBES_INCLUDE_DIRECTORIES
+		${DBUS_INCLUDE_DIRS}
+	)
 endif()
 
 

diff --git a/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c b/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c
@@ -61,8 +61,8 @@
 #include "probe/entcmp.h"
 #include "common/debug_priv.h"
 
+#include "oval_dbus.h"
 #include "fwupdsecattr_probe.h"
-#include "systemdshared.h"
 
 
 static struct cachehed hsi_result_cache;
@@ -206,24 +206,26 @@ static int get_all_security_attributes(DBusConnection *conn, void(*callback)(cha
 
 			switch (arg_type) {
 				case DBUS_TYPE_UINT32:
-					if(strncmp(property_name, "HsiResult", strlen("HsiResult")) == 0) {
+					if(!strncmp(property_name, "HsiResult", strlen("HsiResult"))) {
 						_DBusBasicValue hsiresult_value;
 						dbus_message_iter_get_basic(&value_variant, &hsiresult_value);
 						hsi_flags = hsiresult_value.u32;
 					}
 					break;
 				case DBUS_TYPE_STRING:
 					if(!strncmp(property_name, "AppstreamId", strlen("AppstreamId"))) {
-						appstream_name = dbus_value_to_string(&value_variant);
+						free(appstream_name);
+						appstream_name = oval_dbus_value_to_string(&value_variant);
 						dD("Element string: %s", appstream_name);
 					}
 					break;
 			}
 			free(property_name);
 		} while (dbus_message_iter_next(&array_entry));
 		callback(appstream_name, hsi_flags);
-	}
-	while (dbus_message_iter_next(&property_iter));
+		free(appstream_name);
+		appstream_name = NULL;
+	} while (dbus_message_iter_next(&property_iter));
 
 	dbus_message_unref(msg); msg = NULL;
 	ret = 0;
@@ -315,27 +317,27 @@ int fwupdsecattr_probe_main(probe_ctx *ctx, void *arg)
 		DBusConnection *dbus_conn;
 
 		dbus_error_init(&dbus_error);
-		dbus_conn = connect_dbus();
+		dbus_conn = oval_connect_dbus();
 
 		if (dbus_conn == NULL) {
 			dbus_error_free(&dbus_error);
 			SEXP_t *msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_INFO, "D-Bus connection failed, could not identify fwupd.");
 			probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
 			probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
 			SEXP_free(msg);
-			return 0;
+			goto exit;
 		}
 
 		int res = get_all_security_attributes(dbus_conn, hsicache_callback, NULL);
-		disconnect_dbus(dbus_conn);
+		oval_disconnect_dbus(dbus_conn);
 
 		if (res) {
 			dbus_error_free(&dbus_error);
 			SEXP_t *msg = probe_msg_creat(OVAL_MESSAGE_LEVEL_INFO, "The fwupd service is not properly installed or configured.");
 			probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
 			probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
 			SEXP_free(msg);
-			return 0;
+			goto exit;
 		}
 	}
 

diff --git a/src/OVAL/probes/unix/linux/oval_dbus.c b/src/OVAL/probes/unix/linux/oval_dbus.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2023 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Authors:
+ *      Evgenii Kolesnikov <ekolesni@redhat.com>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <limits.h>
+#include "common/util.h"
+#include "oscap_helpers.h"
+#include "common/debug_priv.h"
+#include "oval_dbus.h"
+
+
+char *oval_dbus_value_to_string(DBusMessageIter *iter)
+{
+	const int arg_type = dbus_message_iter_get_arg_type(iter);
+	if (dbus_type_is_basic(arg_type)) {
+		_DBusBasicValue value;
+		dbus_message_iter_get_basic(iter, &value);
+
+		switch (arg_type)
+		{
+			case DBUS_TYPE_BYTE:
+				return oscap_sprintf("%c", value.byt);
+
+			case DBUS_TYPE_BOOLEAN:
+				return oscap_strdup(value.bool_val ? "true" : "false");
+
+			case DBUS_TYPE_INT16:
+				return oscap_sprintf("%i", value.i16);
+
+			case DBUS_TYPE_UINT16:
+				return oscap_sprintf("%u", value.u16);
+
+			case DBUS_TYPE_INT32:
+				return oscap_sprintf("%i", value.i32);
+
+			case DBUS_TYPE_UINT32:
+				return oscap_sprintf("%u", value.u32);
+
+#ifdef DBUS_HAVE_INT64
+			case DBUS_TYPE_INT64:
+				return oscap_sprintf("%li", value.i64);
+
+			case DBUS_TYPE_UINT64:
+				return oscap_sprintf("%lu", value.u64);
+#endif
+
+			case DBUS_TYPE_DOUBLE:
+				return oscap_sprintf("%g", value.dbl);
+
+			case DBUS_TYPE_STRING:
+			case DBUS_TYPE_OBJECT_PATH:
+			case DBUS_TYPE_SIGNATURE:
+				return oscap_strdup(value.str);
+
+			// We skip non-basic types for now
+			//case DBUS_TYPE_ARRAY:
+			//case DBUS_TYPE_STRUCT:
+			//case DBUS_TYPE_DICT_ENTRY:
+			//case DBUS_TYPE_VARIANT:
+			//case DBUS_TYPE_UNIX_FD:
+			//	return oscap_sprintf("%i", value.fd);
+
+			default:
+				dD("Encountered unknown D-Bus basic type: %d!", arg_type);
+				return oscap_strdup("error, unknown basic type!");
+		}
+	} else if (arg_type == DBUS_TYPE_ARRAY) {
+		DBusMessageIter array;
+		dbus_message_iter_recurse(iter, &array);
+
+		char *ret = NULL;
+		do {
+			char *element = oval_dbus_value_to_string(&array);
+
+			if (element == NULL)
+				continue;
+
+			char *old_ret = ret;
+			if (old_ret == NULL)
+				ret = oscap_sprintf("%s", element);
+			else
+				ret = oscap_sprintf("%s, %s", old_ret, element);
+
+			free(old_ret);
+			free(element);
+		}
+		while (dbus_message_iter_next(&array));
+
+		return ret;
+	}
+
+	return NULL;
+}
+
+DBusConnection *oval_connect_dbus(void)
+{
+	DBusConnection *conn = NULL;
+
+	DBusError err;
+	dbus_error_init(&err);
+
+	const char *prefix = getenv("OSCAP_PROBE_ROOT");
+	if (prefix != NULL) {
+		char dbus_address[PATH_MAX] = {0};
+		snprintf(dbus_address, PATH_MAX, "unix:path=%s/run/dbus/system_bus_socket", prefix);
+		setenv("DBUS_SYSTEM_BUS_ADDRESS", dbus_address, 0);
+		/* We won't overwrite DBUS_SYSTEM_BUS_ADDRESS so that
+		 * user could have a way to define some non-standard system bus socket location */
+	}
+
+	conn = dbus_bus_get(DBUS_BUS_SYSTEM, &err);
+	if (dbus_error_is_set(&err)) {
+		dD("Failed to get DBUS_BUS_SYSTEM connection - %s", err.message);
+		goto cleanup;
+	}
+	if (conn == NULL) {
+		dD("DBusConnection == NULL!");
+		goto cleanup;
+	}
+
+	dbus_bus_register(conn, &err);
+	if (dbus_error_is_set(&err)) {
+		dD("Failed to register on dbus - %s", err.message);
+		goto cleanup;
+	}
+
+cleanup:
+	dbus_error_free(&err);
+
+	return conn;
+}
+
+void oval_disconnect_dbus(DBusConnection *conn)
+{
+	// NOOP
+
+	// Connections retrieved via dbus_bus_get shall not be destroyed,
+	// these connections are shared.
+}
diff --git a/src/OVAL/probes/unix/linux/oval_dbus.h b/src/OVAL/probes/unix/linux/oval_dbus.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2023 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Authors:
+ *      Evgenii Kolesnikov <ekolesni@redhat.com>
+ */
+
+#ifndef OPENSCAP_OVAL_DBUS_H_
+#define OPENSCAP_OVAL_DBUS_H_
+
+#include <dbus/dbus.h>
+
+
+// Old versions of libdbus API don't have DBusBasicValue and DBus8ByteStruct
+// as a public typedefs.
+// These two typedefs were copied from libdbus 1.8 branch, see
+// http://cgit.freedesktop.org/dbus/dbus/tree/dbus/dbus-types.h?h=dbus-1.8#n137
+typedef struct
+{
+	dbus_uint32_t first32;
+	dbus_uint32_t second32;
+} _DBus8ByteStruct;
+
+typedef union
+{
+	unsigned char bytes[8]; /**< as 8 individual bytes */
+	dbus_int16_t  i16;   /**< as int16 */
+	dbus_uint16_t u16;   /**< as int16 */
+	dbus_int32_t  i32;   /**< as int32 */
+	dbus_uint32_t u32;   /**< as int32 */
+	dbus_bool_t   bool_val; /**< as boolean */
+#ifdef DBUS_HAVE_INT64
+	dbus_int64_t  i64;   /**< as int64 */
+	dbus_uint64_t u64;   /**< as int64 */
+#endif
+	_DBus8ByteStruct eight; /**< as 8-byte struct */
+	double dbl;          /**< as double */
+	unsigned char byt;   /**< as byte */
+	char *str;           /**< as char* (string, object path or signature) */
+	int fd;              /**< as Unix file descriptor */
+} _DBusBasicValue;
+
+
+char *oval_dbus_value_to_string(DBusMessageIter *iter);
+
+DBusConnection *oval_connect_dbus(void);
+
+void oval_disconnect_dbus(DBusConnection *conn);
+
+#endif