[Bug 1851682] [NEW] oscap is broken in ubuntu 19.10

Launchpad Bug Tracker 1851682 at bugs.launchpad.net
Fri Mar 27 21:32:58 UTC 2020


You have been subscribed to a public bug by Mark Morlino (markmorlino):

[Impact]

The bug causes oscap to fail to run with OVAL files produced by the
Ubuntu Security team.

This is the upstream issue:
https://github.com/OpenSCAP/openscap/issues/1367

The fix is simple and I've tested it under bionic, eoan, and focal.

The patch corrects a typo or copy/paste error in the original code.
https://github.com/OpenSCAP/openscap/commit/5e5bc61c1fc6a6556665aa5689a62d6bc6487c74

[Test Case]

This can be reproduced on eoan and focal by following the instructions
for using Ubuntu security OVAL data here:
https://people.canonical.com/~ubuntu-security/oval/

The bug does not manifest directly in bionic but if you include
libopenscap8 in a snap based on core18, the version of oscap in the snap
will produce the same behavior when you run the snap on eoan or focal.

[Regression Potential]

The potential for regression seems low in this case. I've built the deb
locally for bionic, eoan, and focal and smoke tested it in VMs using the
Ubuntu security OVAL files and the test file from the comment below
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1851682/comments/2

If a regression were to exist, it would likely manifest itself with a
runtime error much like the original problem.

############################################
ORIGINAL BUG REPORT BELOW
###########################################
oscap segfaults while trying to check using ubuntu-security definitions:

The command:
oscap oval eval --report /tmp/oscap_report.html /var/tmp/com.ubuntu.eoan.cve.oval.xml

Segfault:
...
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Probe with PID=26379 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178]
Probe with PID=26379 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182]
Unable to close probe sd [../../../src/OVAL/oval_probe_ext.c:424]
Unable to receive a message from probe [../../../src/OVAL/oval_probe_ext.c:579]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Probe with PID=26393 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178]
Probe with PID=26393 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182]
Unable to close probe sd [../../../src/OVAL/oval_probe_ext.c:424]
Unable to receive a message from probe [../../../src/OVAL/oval_probe_ext.c:579]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]

The OVAL definitions are taken directly from
https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.eoan.cve.oval.xml

Version:
oscap --version
OpenSCAP command line tool (oscap) 1.2.16
Copyright 2009--2017 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1

==== Capabilities added by auto-loaded plugins ====
SCE Version: 1.0 (from libopenscap_sce.so.8)

==== Paths ====
Schema files: /usr/share/openscap/schemas
Default CPE files: /usr/share/openscap/cpe
Probes: /usr/lib/x86_64-linux-gnu/openscap

** Affects: openscap (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: openscap (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Affects: openscap (Ubuntu Eoan)
     Importance: Undecided
         Status: New

** Affects: openscap (Ubuntu Focal)
     Importance: Undecided
         Status: Confirmed

-- 
oscap is broken in ubuntu 19.10
https://bugs.launchpad.net/bugs/1851682
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.


