-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2 file ships with some odd object related to `saved_entry`:
<ind-def:textfilecontent54_object id="oval:com.redhat.rhsa:obj:20191167027" version="643">
<ind-def:filepath datatype="string">/boot/grub2/grubenv</ind-def:filepath>
<ind-def:pattern operation="pattern match">(?<=^saved_entry=).*</ind-def:pattern>
<ind-def:instance datatype="int">1</ind-def:instance>
</ind-def:textfilecontent54_object>
This object is then used in the following variable:
<local_variable comment="Get saved_entry in /boot/grub2/grubenv" datatype="int" id="oval:com.redhat.rhsa:var:20191167001" version="643">
<arithmetic arithmetic_operation="add">
<literal_component datatype="int">1</literal_component>
<object_component item_field="text" object_ref="oval:com.redhat.rhsa:obj:20191167027"/>
</arithmetic>
</local_variable>
Here above there are 2 issues:
- On RHEL8 and later, `saved_entry` is not a number anymore, but a BLS snippet, e.g. `saved_entry=7e6826842a934d13849aa6cdca450637-4.18.0-425.19.2.el8_7.x86_64`
- The content of the variable is definitely not a number, but a arithmetic `add` operation is performed
Talking to Jan Cerny about this, he confirms there is something wrong in what we ship.
- links to