diff --git a/src/OVAL/oval_sexp.c b/src/OVAL/oval_sexp.c index cb2bdbffd6..3c9d625555 100644 --- a/src/OVAL/oval_sexp.c +++ b/src/OVAL/oval_sexp.c @@ -965,6 +965,8 @@ static struct oval_sysitem *oval_sexp_to_sysitem(struct oval_syschar_model *mode } else { family = item_name; char *endptr = strchr(family, ':'); + if (endptr == NULL) + goto cleanup; *endptr = '\0'; name = endptr + 1; endptr = strrchr(name, '_'); diff --git a/src/OVAL/probes/probe/worker.c b/src/OVAL/probes/probe/worker.c index cedb339d23..fddc1b3965 100644 --- a/src/OVAL/probes/probe/worker.c +++ b/src/OVAL/probes/probe/worker.c @@ -1021,13 +1021,13 @@ SEXP_t *probe_worker(probe_t *probe, SEAP_msg_t *msg_in, int *ret) dE("open(\".\") failed: %s", strerror(errno)); return NULL; } - if (chdir(rootdir) != 0) { - dE("chdir failed: %s", strerror(errno)); - } if (chroot(rootdir) != 0) { dE("chroot failed: %s", strerror(errno)); } + if (chdir("/") != 0) { + dE("chdir failed: %s", strerror(errno)); + } /* NOTE: We're running in a different root directory. * Unless /proc, /sys are somehow emulated for the new * environment, they are not relevant and so are other diff --git a/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c b/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c index c600f0c9ef..f3de85d886 100644 --- a/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c +++ b/src/OVAL/probes/unix/linux/inetlisteningservers_probe.c @@ -559,6 +559,10 @@ int inetlisteningservers_probe_main(probe_ctx *ctx, void *arg) object = probe_ctx_getobject(ctx); struct server_info *req = malloc(sizeof(struct server_info)); + if (req == NULL) + return 0; + memset(req, 0, sizeof(*req)); + req->protocol_ent = probe_obj_getent(object, "protocol", 1); if (req->protocol_ent == NULL) { err = PROBE_ENOVAL; diff --git a/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c b/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c index 87a9124075..86215adb8f 100644 --- a/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c +++ b/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c @@ -337,6 +337,7 @@ void *rpmverifypackage_probe_init(void) #ifdef RPM46_FOUND rpmlogSetCallback(rpmErrorCb, NULL); + rpmSetVerbosity(RPMLOG_ERR); #endif if (CHROOT_IS_SET()) { @@ -428,7 +429,7 @@ static int rpmverifypackage_additem(probe_ctx *ctx, struct rpmverify_res *res) SEXP_free(value); } if (res->vflags & VERIFY_SCRIPT) { - dD("VERIFY_SCRIPT %d", res->vresults & VERIFY_SCRIPT); + dD("VERIFY_SCRIPT %lu", res->vresults & VERIFY_SCRIPT); value = probe_entval_from_cstr(OVAL_DATATYPE_BOOLEAN, (res->vresults & VERIFY_SCRIPT ? "1" : "0"), 1); probe_item_ent_add(item, "verification_script_successful", NULL, value); SEXP_free(value);