Skip to content

ENT-13590: Fixed heap buffer overflow in files edit_line #5993

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
larsewi merged 2 commits into from
Dec 19, 2025
Merged

ENT-13590: Fixed heap buffer overflow in files edit_line #5993

larsewi merged 2 commits into from
Dec 19, 2025
+10 −10

Conversation

@larsewi
Copy link
Contributor

@larsewi larsewi commented Dec 11, 2025
edited
Loading

  • files_editline.c: removed trailing whitespace
  • Fixed heap buffer overflow in files edit_line

Backported to #6001

@larsewi
files_editline.c: removed trailing whitespace
3615ade 
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi
Fixed heap buffer overflow in files edit_line
3da06b4 
```
==25903==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50200004460f at pc 0x7fa23c10ec86 bp 0x7ffef7339c60 sp 0x7ffef7339408
READ of size 1 at 0x50200004460f thread T0
    #0 0x7fa23c10ec85 in __interceptor_strncmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:497
    #1 0x7fa23be8d09b in StringSafeCompareN /tmp/matchpolicy_poc_3369/cfengine-core/libntech/libutils/string_lib.c:254
    #2 0x7fa23be8d10f in StringEqualN /tmp/matchpolicy_poc_3369/cfengine-core/libntech/libutils/string_lib.c:268
    cfengine#3 0x560644d90e30 in MatchPolicy /tmp/matchpolicy_poc_3369/cfengine-core/cf-agent/files_editline.c:1749
 ---snip---
0x50200004460f is located 1 bytes to the left of 4-byte region [0x502000044610,0x502000044614)
allocated by thread T0 here:
 ---snip---
```

Ticket: ENT-13590
Changelog: Title
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@cf-bottom
Copy link

cf-bottom commented Dec 12, 2025

Thank you for submitting a PR! Maybe @craigcomstock can review this?

@larsewi larsewi added the cherry-pick? Fixes which may need to be cherry-picked to LTS branches label Dec 15, 2025
@larsewi larsewi mentioned this pull request Dec 15, 2025
Merged
@larsewi larsewi removed the cherry-pick? Fixes which may need to be cherry-picked to LTS branches label Dec 15, 2025
@cfengine cfengine deleted a comment from cf-bottom Dec 16, 2025
@larsewi
Copy link
Contributor Author

larsewi commented Dec 17, 2025
edited
Loading

Build Status

@larsewi larsewi merged commit 8015f59 into cfengine:master Dec 19, 2025
46 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@craigcomstock craigcomstock craigcomstock approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@larsewi @cf-bottom @craigcomstock