Hi! this is another (and I believe last! 😅 ) followup of #2361

This time I tried to focus on the probe part. This was my focus after investigating a few more crashes (segfault) that we discovered internally.

Some of these parsers are quite complex, but i've tried to keep the change simple and minimal.

I've decided to invert the condition for

if (scur->name != NULL && scur->protocol != NULL &&
		    strlen(scur->name) + strlen(scur->protocol) <= XICFG_STRANS_MAXKEYLEN) {

as otherwise, the Skipping (name, protocol) translation for service branch would have needed a goto (because of the strcpy)

I've added regression test + reproducer inputs for the fuzz harnesses as well.
A few fuzz harnesses have been added as a new commit of the PR #2365

I believe this covers a big part of the "probes" of openscap and should help with the reliability during the parsing of arbitrary data.

The fuzzers were compiled with multiple sanitizer, so it discovered a few uninitialized variable and other UB.

Note:
I am aware of #2349 but this supersedes that PR by fixing other bugs:

• l_size = inlen on no-newline line -> heap-overflow memcpy (scanner, section)
• section for(;;) unbounded read past inmem
• *strchr(buf,' ') NULL-deref on embedded-NUL content (two sites)
• xiconf_parse_section entry guard (inoff >= inlen reads past buffer)
• recursive xiconf_service_free -> stack overflow (we made it iterative)
• scur->type = "" literal later free()'d -> invalid free + leak
• op_assign_str leak on repeated attribute

Happy to collaborate if you believe the PR 2349 should be merged first.

Thank you!