diff options
author | Andrii Nakryiko <andrii@kernel.org> | 2021-11-23 16:23:23 -0800 |
---|---|---|
committer | Daniel Borkmann <daniel@iogearbox.net> | 2021-11-26 00:15:03 +0100 |
commit | 57428298b5acf2ba2dd98359c532774f6eaeecb3 (patch) | |
tree | 28e480c67e6e746dc4bea684bc49a9be49303cc4 | |
parent | e2e0d90c550a2588ebed7aa2753adaac0f633989 (diff) | |
download | linux-57428298b5acf2ba2dd98359c532774f6eaeecb3.tar.bz2 |
selftests/bpf: Prevent out-of-bounds stack access in test_bpffs
Buf can be not zero-terminated leading to strstr() to access data beyond
the intended buf[] array. Fix by forcing zero termination.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20211124002325.1737739-12-andrii@kernel.org
-rw-r--r-- | tools/testing/selftests/bpf/prog_tests/test_bpffs.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c index ada95bfb9b1b..214d9f4a94a5 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c +++ b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c @@ -19,11 +19,13 @@ static int read_iter(char *file) fd = open(file, 0); if (fd < 0) return -1; - while ((len = read(fd, buf, sizeof(buf))) > 0) + while ((len = read(fd, buf, sizeof(buf))) > 0) { + buf[sizeof(buf) - 1] = '\0'; if (strstr(buf, "iter")) { close(fd); return 0; } + } close(fd); return -1; } |