OVAL/probes/fwupdsecattr: Fix resource mgmt problems

fwupdsecattr_probe.c:326: leaked_storage: Variable "stream_id" going out of scope leaks the storage it points to. fwupdsecattr_probe.c:238: leaked_storage: Variable "appstream_name" going out of scope leaks the storage it points to. fwupdsecattr_probe.c:217: overwrite_var: Overwriting "appstream_name" in "appstream_name = dbus_value_to_string(&value_variant)" leaks the storage that "appstream_name" points to.
OpenSCAP · Jul 20, 2023 · 3ed934e · 3ed934e
1 parent 431117c
commit 3ed934e
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c b/src/OVAL/probes/unix/linux/fwupdsecattr_probe.c
@@ -206,14 +206,15 @@ static int get_all_security_attributes(DBusConnection *conn, void(*callback)(cha
 
 			switch (arg_type) {
 				case DBUS_TYPE_UINT32:
-					if(strncmp(property_name, "HsiResult", strlen("HsiResult")) == 0) {
+					if(!strncmp(property_name, "HsiResult", strlen("HsiResult"))) {
 						_DBusBasicValue hsiresult_value;
 						dbus_message_iter_get_basic(&value_variant, &hsiresult_value);
 						hsi_flags = hsiresult_value.u32;
 					}
 					break;
 				case DBUS_TYPE_STRING:
 					if(!strncmp(property_name, "AppstreamId", strlen("AppstreamId"))) {
+						free(appstream_name);
 						appstream_name = oval_dbus_value_to_string(&value_variant);
 						dD("Element string: %s", appstream_name);
 					}
@@ -222,8 +223,9 @@ static int get_all_security_attributes(DBusConnection *conn, void(*callback)(cha
 			free(property_name);
 		} while (dbus_message_iter_next(&array_entry));
 		callback(appstream_name, hsi_flags);
-	}
-	while (dbus_message_iter_next(&property_iter));
+		free(appstream_name);
+		appstream_name = NULL;
+	} while (dbus_message_iter_next(&property_iter));
 
 	dbus_message_unref(msg); msg = NULL;
 	ret = 0;
@@ -323,7 +325,7 @@ int fwupdsecattr_probe_main(probe_ctx *ctx, void *arg)
 			probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
 			probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
 			SEXP_free(msg);
-			return 0;
+			goto exit;
 		}
 
 		int res = get_all_security_attributes(dbus_conn, hsicache_callback, NULL);
@@ -335,7 +337,7 @@ int fwupdsecattr_probe_main(probe_ctx *ctx, void *arg)
 			probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
 			probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
 			SEXP_free(msg);
-			return 0;
+			goto exit;
 		}
 	}