
SAST checks

Open sminux opened this issue 4 months ago • 0 comments

The results of the static analyzer Svace are listed below:

DEREF_AFTER_NULL: After having been compared to a NULL value at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/unix/xinetd_probe.c#L1097 pointer 'scur->protocol' is dereferenced at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/unix/xinetd_probe.c#L1144 by calling function 'strcat'.


DOUBLE_FREE: Pointer 'packet' is passed to a free function at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/SEAP/seap-packet.c#L51 by passing as 1st parameter to function 'SEAP_packet_free' at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/SEAP/seap.c#L220 after the referenced memory was deallocated at seap-packet.c:51 by passing as 1st parameter to function 'SEAP_packet_free' at seap.c:220. Note: the second deallocation is on another loop iteration.


OVERFLOW_AFTER_CHECK: Accessing an element of array 'sysvals' of size 512 at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/unix/sysctl_probe.c#L252 can lead to a buffer overflow, since the index 's + 1' can have an out of range value 512, as indicated by a preceding conditional expression at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/unix/sysctl_probe.c#L269.


OVERFLOW_UNDER_CHECK: Accessing an element of array 's_ptr' of size 32 at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/SEAP/sexp-manip_r.c#L296 can lead to a buffer overflow, since the index 's_cur + 1' can have an out of range value 32, as indicated by a preceding conditional expression at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/SEAP/sexp-manip_r.c#L300.


DEREF_AFTER_NULL: After having been compared to a NULL value at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/XCCDF/result.c#L1137 (may be the check '&& associated_benchmark' is optional if it's not NULL after initialisation) pointer 'associated_benchmark' is passed as 1st parameter in call to function 'xccdf_benchmark_get_member' at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/XCCDF/result.c#L1272 where it is dereferenced at benchmark.c:738.


DEREF_OF_NULL: Pointer 'fp', returned from function 'fopen' at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/unix/routingtable_probe.c#L331 and https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/unix/routingtable_probe.c#L348 may be NULL and is dereferenced by calling function 'getline'.


DEREF_OF_NULL: Return value of a function 'oscap_htable_get' is dereferenced at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/DS/rds.c#L786 without checking for NULL, but it is usually checked for this function (25/26). For instance: https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/XCCDF_POLICY/xccdf_policy.c#L2185-L2189 or https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/XCCDF_POLICY/xccdf_policy.c#L1080-L1082.

The same at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/unix/linux/selinuxsecuritycontext_probe.c#L96: the return value of function 'strndup' is dereferenced without checking for NULL, but it is usually checked for this function (6/7). Counter-example: https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/OVAL/probes/oval_fts.c#L334-L337.


MEMORY_LEAK: Dynamic memory, referenced by 'idsstr', is allocated at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/XCCDF/rule.c#L108 by calling function 'xccdf_attribute_copy' and lost at https://github.com/OpenSCAP/openscap/blob/7373845aaecdd9274a1630fb54f26612b5c37fda/src/XCCDF/rule.c#L114-L117.

sminux Aug 30 '25 19:08
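The OVERFLOW_AFTER_CHECK finding above (array of size 512, index 's + 1', a guard that still admits 512) is the classic off-by-one in a bounds check. The following is an added illustration of that pattern and its fix, written for this issue; it is not openscap's code, and the name/value pair layout, the `sysvals` contents and the function names are assumptions made for the example.

```c
/* Off-by-one in a bounds check guarding sysvals[s + 1]: hypothetical
 * reconstruction of the OVERFLOW_AFTER_CHECK pattern, not openscap's code. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define SYSVALS_LEN 512  /* array size quoted in the finding */

/* Guard of the shape the analyzer complains about: it proves only that
 * 's' is in range, so for s == SYSVALS_LEN - 1 it still admits an access
 * to sysvals[s + 1] == sysvals[SYSVALS_LEN], one element past the end. */
bool guard_flagged(size_t s)
{
	return s < SYSVALS_LEN;
}

/* Corrected guard: bound the highest index actually touched, s + 1.
 * Written as s + 1 < LEN rather than s < LEN - 1 so the intent is visible;
 * with size_t there is no wraparound for any realistic s. */
bool guard_fixed(size_t s)
{
	return s + 1 < SYSVALS_LEN;
}

/* Constructed sample: two complete name/value pairs plus one dangling
 * name at the end, the case that must not be read past. */
static const char *const sample_sysvals[] = {
	"kernel.hostname",     "host1",
	"net.ipv4.ip_forward", "1",
	"kernel.hostname",     /* no value follows */
};
#define SAMPLE_FILLED (sizeof sample_sysvals / sizeof sample_sysvals[0])

/* Walk name/value pairs stored as consecutive entries (assumed layout).
 * Returns how many pairs have name 'wanted' and a non-NULL value; an
 * unpaired trailing entry is skipped instead of reading past the end.
 * 'filled' is the number of valid entries, clamped to the array size. */
size_t count_matching_pairs(const char *const sysvals[], size_t filled,
                            const char *wanted)
{
	size_t hits = 0;
	if (filled > SYSVALS_LEN)
		filled = SYSVALS_LEN;   /* never trust the caller's count */
	for (size_t s = 0; s + 1 < filled; s += 2) {
		if (strcmp(sysvals[s], wanted) == 0 && sysvals[s + 1] != NULL)
			hits++;
	}
	return hits;
}
```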