Skip to content

ENT-13590: Fixed heap buffer overflow in files edit_line (3.24.x) #6001

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
larsewi merged 2 commits into from
Dec 19, 2025
Merged

ENT-13590: Fixed heap buffer overflow in files edit_line (3.24.x) #6001

larsewi merged 2 commits into from
Dec 19, 2025
+10 −10

Conversation

@larsewi
Copy link
Contributor

@larsewi larsewi commented Dec 15, 2025
edited
Loading

  • files_editline.c: removed trailing whitespace
  • Fixed heap buffer overflow in files edit_line

Backported from #5993

@larsewi
files_editline.c: removed trailing whitespace
d07b0b9 
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
(cherry picked from commit 3615ade)
@larsewi
Fixed heap buffer overflow in files edit_line
fc96c70 
```
==25903==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50200004460f at pc 0x7fa23c10ec86 bp 0x7ffef7339c60 sp 0x7ffef7339408
READ of size 1 at 0x50200004460f thread T0
    #0 0x7fa23c10ec85 in __interceptor_strncmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:497
    #1 0x7fa23be8d09b in StringSafeCompareN /tmp/matchpolicy_poc_3369/cfengine-core/libntech/libutils/string_lib.c:254
    #2 0x7fa23be8d10f in StringEqualN /tmp/matchpolicy_poc_3369/cfengine-core/libntech/libutils/string_lib.c:268
    cfengine#3 0x560644d90e30 in MatchPolicy /tmp/matchpolicy_poc_3369/cfengine-core/cf-agent/files_editline.c:1749
 ---snip---
0x50200004460f is located 1 bytes to the left of 4-byte region [0x502000044610,0x502000044614)
allocated by thread T0 here:
 ---snip---
```

Ticket: ENT-13590
Changelog: Title
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
(cherry picked from commit 3da06b4)
@larsewi larsewi changed the title editline 3.24.x ENT-13590: Fixed heap buffer overflow in files edit_line (3.24.x) Dec 15, 2025
@larsewi larsewi marked this pull request as ready for review December 15, 2025 10:05
@larsewi larsewi mentioned this pull request Dec 15, 2025
Merged
@larsewi
Copy link
Contributor Author

larsewi commented Dec 18, 2025

Build Status

@larsewi larsewi merged commit 7388264 into cfengine:3.24.x Dec 19, 2025
44 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@larsewi