Handle virtual packages in dpkginfo probe

0intro · evgenyz · commit 4a76c3b7d4a7 · 2025-10-15T12:40:09.000+02:00
This change handles virtual packages in dpkginfo probe
by parsing the "Provides" field of /var/lib/dpkg/status.

Instead of relying on the "Package" field exclusively,
this change also matches the requested package name with
the package names listed in the "Provides" field.

It should allow to query virtual package names like
"system-log-daemon" to actually installed packages
likes "rsyslog" and so on.

See deb-control(5).
diff --git a/src/OVAL/probes/unix/linux/dpkginfo-helper.c b/src/OVAL/probes/unix/linux/dpkginfo-helper.c
@@ -68,7 +68,7 @@ static int version(struct dpkginfo_reply_t *reply)
 struct dpkginfo_reply_t* dpkginfo_get_by_name(const char *name, int *err)
 {
 	FILE *f;
-	char buf[DPKG_STATUS_BUFFER_SIZE], path[PATH_MAX], *root, *key, *value;
+	char buf[DPKG_STATUS_BUFFER_SIZE], path[PATH_MAX], *root, *key, *value, *p;
 	struct dpkginfo_reply_t *reply;
 
 	*err = 0;
@@ -93,8 +93,14 @@ struct dpkginfo_reply_t* dpkginfo_get_by_name(const char *name, int *err)
 		if (buf[0] == '\n') {
 			// New package entry.
 			if (reply != NULL) {
-				// Package found.
-				goto out;
+				if (reply->name != NULL) {
+					// Package found.
+					goto out;
+				} else {
+					// Package not found yet.
+					dpkginfo_free_reply(reply);
+					reply = NULL;
+				}
 			}
 			continue;
 		}
@@ -113,12 +119,12 @@ struct dpkginfo_reply_t* dpkginfo_get_by_name(const char *name, int *err)
 		value = trimleft(value);
 		// Package should be the first line.
 		if (strcmp(key, "Package") == 0) {
+			if (reply != NULL)
+				continue;
+			reply = calloc(1, sizeof(*reply));
+			if (reply == NULL)
+				goto err;
 			if (strcmp(value, name) == 0) {
-				if (reply != NULL)
-					continue;
-				reply = calloc(1, sizeof(*reply));
-				if (reply == NULL)
-					goto err;
 				reply->name = strdup(value);
 				if (reply->name == NULL)
 					goto err;
@@ -142,6 +148,23 @@ struct dpkginfo_reply_t* dpkginfo_get_by_name(const char *name, int *err)
 					goto err;
 				if (version(reply) < 0)
 					goto err;
+			} else if (strcmp(key, "Provides") == 0) {
+				// Handle virtual packages.
+				char *s = strtok(value, ",");
+				while (s != NULL) {
+					s = trimleft(s);
+					// Ignore version.
+					p = strchr(s, ' ');
+					if (p != NULL)
+						*p++ = '\0';
+					if (strcmp(s, name) == 0) {
+						reply->name = strdup(value);
+						if (reply->name == NULL)
+							goto err;
+						break;
+					}
+					s = strtok(NULL, ",");
+				}
 			}
 		}
 	}
