From 3615ade0f4226fa832b93246e8d98ebb36199884 Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Thu, 11 Dec 2025 16:43:25 +0100 Subject: [PATCH 1/2] files_editline.c: removed trailing whitespace Signed-off-by: Lars Erik Wik --- cf-agent/files_editline.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/cf-agent/files_editline.c b/cf-agent/files_editline.c index cad57925d7..2475d4281f 100644 --- a/cf-agent/files_editline.c +++ b/cf-agent/files_editline.c @@ -1715,11 +1715,11 @@ static bool MatchPolicy(EvalContext *ctx, const char *camel, const char *haystac char *work = xcalloc(1, work_size); strcpy(work, sp); - int written = snprintf(final, final_size, "\\s*%s", + int written = snprintf(final, final_size, "\\s*%s", work); if (written < 0) { - Log(LOG_LEVEL_ERR, + Log(LOG_LEVEL_ERR, "Unexpected failure from snprintf " "(%d - %s) on '%s' (MatchPolicy)", errno, GetErrorStr(), final); @@ -1729,13 +1729,13 @@ static bool MatchPolicy(EvalContext *ctx, const char *camel, const char *haystac { final = xrealloc(final, work_size); final_size = work_size; - written = snprintf(final, final_size, "\\s*%s", + written = snprintf(final, final_size, "\\s*%s", work); if (written < 0) { - Log(LOG_LEVEL_ERR, + Log(LOG_LEVEL_ERR, "Unexpected failure from snprintf " - "(%d - %s) on '%s' (MatchPolicy)", + "(%d - %s) on '%s' (MatchPolicy)", errno, GetErrorStr(), final); return false; } @@ -1758,9 +1758,9 @@ static bool MatchPolicy(EvalContext *ctx, const char *camel, const char *haystac int written = snprintf(final, final_size, "%s\\s*", work); if (written < 0) { - Log(LOG_LEVEL_ERR, + Log(LOG_LEVEL_ERR, "Unexpected failure from snprintf " - "(%d - %s) on '%s' (MatchPolicy)", + "(%d - %s) on '%s' (MatchPolicy)", errno, GetErrorStr(), final); return false; } 
@@ -1771,9 +1771,9 @@ static bool MatchPolicy(EvalContext *ctx, const char *camel, const char *haystac written = snprintf(final, final_size, "%s\\s*", work); if (written < 0) { - Log(LOG_LEVEL_ERR, + Log(LOG_LEVEL_ERR, "Unexpected failure from snprintf " - "(%d - %s) on '%s' (MatchPolicy)", + "(%d - %s) on '%s' (MatchPolicy)", errno, GetErrorStr(), final); return false; } From 3da06b4b164f075ad71376bc6fe5e11c2de3bcc8 Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Thu, 11 Dec 2025 17:05:22 +0100 Subject: [PATCH 2/2] Fixed heap buffer overflow in files edit_line ``` ==25903==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50200004460f at pc 0x7fa23c10ec86 bp 0x7ffef7339c60 sp 0x7ffef7339408 READ of size 1 at 0x50200004460f thread T0 #0 0x7fa23c10ec85 in __interceptor_strncmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:497 #1 0x7fa23be8d09b in StringSafeCompareN /tmp/matchpolicy_poc_3369/cfengine-core/libntech/libutils/string_lib.c:254 #2 0x7fa23be8d10f in StringEqualN /tmp/matchpolicy_poc_3369/cfengine-core/libntech/libutils/string_lib.c:268 #3 0x560644d90e30 in MatchPolicy /tmp/matchpolicy_poc_3369/cfengine-core/cf-agent/files_editline.c:1749 ---snip--- 0x50200004460f is located 1 bytes to the left of 4-byte region [0x502000044610,0x502000044614) allocated by thread T0 here: ---snip--- ``` Ticket: ENT-13590 Changelog: Title Signed-off-by: Lars Erik Wik --- cf-agent/files_editline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cf-agent/files_editline.c b/cf-agent/files_editline.c index 2475d4281f..1b004eda72 100644 --- a/cf-agent/files_editline.c +++ b/cf-agent/files_editline.c 
@@ -1746,7 +1746,7 @@ static bool MatchPolicy(EvalContext *ctx, const char *camel, const char *haystac
 }
 else if (opt == INSERT_MATCH_TYPE_IGNORE_TRAILING)
 {
- if (!StringEqualN(final + final_size - 5, "\\s*", 3))
+ if (final_size >= 5 && !StringEqualN(final + final_size - 5, "\\s*", 3))
 {
 const size_t work_size = final_size + 3;
 char *work = xcalloc(1, work_size);
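Review bot: The added `final_size >= 5` guard stops the out-of-bounds read, but because it is joined with `&&`, a buffer shorter than five bytes now skips the whole block that appends `\\s*`, so short patterns appear to lose the ignore-trailing-whitespace handling instead of gaining the suffix. A string too short to hold the suffix cannot already end with it, so the condition probably wants to be `if (final_size < 5 || !StringEqualN(final + final_size - 5, "\\s*", 3))`. The offset is also computed from the allocation size rather than the string length, and how `final_size` relates to `strlen(final)` is set outside this hunk, so a short comment explaining the constant 5 would help the next reader verify the bound. MatchPolicy starts before and continues past this hunk. A regression test with a pattern of one to three characters under `INSERT_MATCH_TYPE_IGNORE_TRAILING` would cover both the ASan finding and the matching behaviour.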