Fix partition probe for PCRE2 #2027

Merged
merged 2 commits into from
Sep 20, 2023

jan-cerny
Member

The pcre_exec function can return a positive number or zero; zero is returned if the buffer isn't large enough. Therefore, we should also allow a positive number as a return code.

The commit also extends the test to cover the bug situation.

Fixes: #2026

@jan-cerny
Member Author

I have built OpenSCAP from this PR's branch with the PCRE 2 option inside the virtual machine that I'm using as an Automatus back end (i.e. the ssgts_rhel9 domain in the text below) and I have installed it to the system. The outcome with the rule audit_rules_privileged_commands is the following:

[jcerny@fedora scap-security-guide{master}]$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel9 audit_rules_privileged_commands
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2023-09-08-1549/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands
INFO - Script auditctl_default.fail.sh using profile (all) OK
INFO - Script augenrules_default.fail.sh using profile (all) OK
INFO - Script auditctl_missing_rule.fail.sh using profile (all) OK
INFO - Script auditctl_one_rule.fail.sh using profile (all) OK
INFO - Script auditctl_rules_configured.pass.sh using profile (all) OK
INFO - Script auditctl_rules_without_perm_x.pass.sh using profile (all) OK
INFO - Script augenrules_duplicated.fail.sh using profile (all) OK
INFO - Script augenrules_missing_rule.fail.sh using profile (all) OK
INFO - Script augenrules_one_rule.fail.sh using profile (all) OK
INFO - Script augenrules_rules_configured.pass.sh using profile (all) OK
INFO - Script augenrules_rules_configured_mixed_keys.pass.sh using profile (all) OK
INFO - Script augenrules_rules_without_perm_x.pass.sh using profile (all) OK
INFO - Script augenrules_two_rules_mixed_keys.fail.sh using profile (all) OK
INFO - Script augenrules_two_rules_sep_files.fail.sh using profile (all) OK
INFO - Script rules_with_own_key.pass.sh using profile (all) OK
[jcerny@fedora scap-security-guide{master}]$ 

The pcre_exec function can return a positive number or zero,
zero is returned if the buffer isn't large enough. Therefore,
we should allow also positive number return code.

The commit also extends the test to cover the bug situation.

Fixes: OpenSCAP#2026
@jan-cerny jan-cerny added this to the 1.3.10 milestone Sep 8, 2023
@jan-cerny jan-cerny marked this pull request as ready for review September 8, 2023 14:47
@evgenyz evgenyz self-assigned this Sep 11, 2023
@evgenyz evgenyz self-requested a review September 11, 2023 14:12
Contributor

@evgenyz evgenyz left a comment

I did check that it works with PCRE and PCRE2, thanks.

I do have one discussion point, though.

@@ -402,7 +402,7 @@ int partition_probe_main(probe_ctx *ctx, void *probe_arg)
rc = oscap_pcre_exec(re, mnt_entp->mnt_dir,
strlen(mnt_entp->mnt_dir), 0, 0, NULL, 0);

if (rc == 0) {
if (rc >= 0) {
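
Review bot: At if (rc >= 0), every negative return from oscap_pcre_exec skips the branch, so a genuine matching error is handled exactly like a non-match and leaves no trace. Consider logging rc when it is negative and is not the no-match value. A one-line comment would also help here: the call passes NULL and 0 for the output vector, which is why a successful match can come back as 0 as well as a positive number, and without that note a later reader may narrow the check back to rc == 0.
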
Contributor

What do you think, would it make sense to use if (rc > OSCAP_PCRE_ERR_NOMATCH) in such cases?

@jan-cerny
Member Author

I have added OSCAP_PCRE_ERR_NOMATCH.

@evgenyz
Contributor

evgenyz commented Sep 20, 2023

Tests fail because we have new sysctl entries in the kernel:

< kernel.apparmor_restrict_unprivileged_userns
< kernel.apparmor_restrict_unprivileged_userns_complain
< kernel.apparmor_restrict_unprivileged_userns_force

LGTM.

@evgenyz evgenyz merged commit fc476c2 into OpenSCAP:maint-1.3 Sep 20, 2023
16 of 19 checks passed
Successfully merging this pull request may close these issues.

Partition probe broken with PCRE2