Skip to content

CPE/XCCDF/DS: fix infinite loops in parsers on malformed input #2362

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
edznux-dd wants to merge 1 commit into
base: main
Choose a base branch
from
+79 −24

CPE/XCCDF/DS: fix infinite loops in parsers on malformed input

fe252b1
Select commit
Loading
Failed to load commit list.
Open

CPE/XCCDF/DS: fix infinite loops in parsers on malformed input #2362

CPE/XCCDF/DS: fix infinite loops in parsers on malformed input
fe252b1
Select commit
Loading
Failed to load commit list.
SonarQubeCloud / SonarCloud Code Analysis failed Jun 3, 2026 in 46s

Quality Gate failed

Failed conditions
E Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Annotations

Check failure on line 221 in src/DS/rds_index.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Refactor this code to not nest more than 3 if|for|do|while|switch statements. 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M0knTXEFIpWlLX1ND&open=AZ6M0knTXEFIpWlLX1ND&pullRequest=2362

Check failure on line 949 in src/CPE/cpedict_priv.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Use of memory after it is freed 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M0kp9XEFIpWlLX1NG&open=AZ6M0kp9XEFIpWlLX1NG&pullRequest=2362

Check warning on line 393 in src/CPE/cpelang_priv.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Make the type of this variable a pointer-to-const. The current type of "before" is "struct _xmlNode *". 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M0kqSXEFIpWlLX1NI&open=AZ6M0kqSXEFIpWlLX1NI&pullRequest=2362

Check failure on line 213 in src/DS/rds_index.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Refactor this code to not nest more than 3 if|for|do|while|switch statements. 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M0knTXEFIpWlLX1NC&open=AZ6M0knTXEFIpWlLX1NC&pullRequest=2362

Check failure on line 722 in src/CPE/cpedict_priv.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Refactor this code to not nest more than 3 if|for|do|while|switch statements. 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M0kp9XEFIpWlLX1NE&open=AZ6M0kp9XEFIpWlLX1NE&pullRequest=2362

Check failure on line 941 in src/CPE/cpedict_priv.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Use of memory after it is freed 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M0kp9XEFIpWlLX1NF&open=AZ6M0kp9XEFIpWlLX1NF&pullRequest=2362

Check failure on line 957 in src/CPE/cpedict_priv.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Use of memory after it is freed 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M0kp9XEFIpWlLX1NH&open=AZ6M0kp9XEFIpWlLX1NH&pullRequest=2362

Check warning on line 252 in src/XCCDF/profile.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Make the type of this variable a pointer-to-const. The current type of "_node_before" is "struct _xmlNode *". 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M0kqoXEFIpWlLX1NJ&open=AZ6M0kqoXEFIpWlLX1NJ&pullRequest=2362
View more details on SonarQubeCloud