selftests/bpf: Prevent out-of-bounds stack access in test_bpffs

Buf can be not zero-terminated leading to strstr() to access data beyond the intended buf[] array. Fix by forcing zero termination. Signed-off-by: N Andrii Nakryiko <andrii@kernel.org> Signed-off-by: N Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20211124002325.1737739-12-andrii@kernel.org

selftests/bpf: Prevent out-of-bounds stack access in test_bpffs
Buf can be not zero-terminated leading to strstr() to access data beyond the intended buf[] array. Fix by forcing zero termination. Signed-off-by: N Andrii Nakryiko <andrii@kernel.org> Signed-off-by: N Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20211124002325.1737739-12-andrii@kernel.org
57428298 · Andrii Nakryiko · Daniel Borkmann · e2e0d90c · 57428298
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

tools/testing/selftests/bpf/prog_tests/test_bpffs.c tools/testing/selftests/bpf/prog_tests/test_bpffs.c +3 -1

未找到文件。
--- a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c
+++ b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c
@@ -19,11 +19,13 @@ static int read_iter(char *file)
 	fd = open(file, 0);
 	if (fd < 0)
 		return -1;
-	while ((len = read(fd, buf, sizeof(buf))) > 0)
+	while ((len = read(fd, buf, sizeof(buf))) > 0) {
+		buf[sizeof(buf) - 1] = '\0';
 		if (strstr(buf, "iter")) {
 			close(fd);
 			return 0;
 		}
+	}
 	close(fd);
 	return -1;
 }