bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH bpf-next] libbpf: Fix strncat bounds error in libbpf_prog_type_by_name
@ 2019-10-22 14:18 KP Singh
  2019-10-22 18:42 ` Andrii Nakryiko
  0 siblings, 1 reply; 2+ messages in thread
From: KP Singh @ 2019-10-22 14:18 UTC (permalink / raw)
  To: linux-kernel, bpf
  Cc: Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu,
	Yonghong Song, Florent Revest

From: KP Singh <kpsingh@google.com>

On compiling samples with this change, one gets an error:

 error: ‘strncat’ specified bound 118 equals destination size
  [-Werror=stringop-truncation]

    strncat(dst, name + section_names[i].len,
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     sizeof(raw_tp_btf_name) - (dst - raw_tp_btf_name));
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

strncat requires the destination to have enough space for the
terminating null byte.

Fixes: f75a697e09137 ("libbpf: Auto-detect btf_id of BTF-based raw_tracepoint")
Signed-off-by: KP Singh <kpsingh@google.com>
---
 tools/lib/bpf/libbpf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 9364e66d755d..5fff3f15d705 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -4666,7 +4666,7 @@ int libbpf_prog_type_by_name(const char *name, enum bpf_prog_type *prog_type,
 			}
 			/* prepend "btf_trace_" prefix per kernel convention */
 			strncat(dst, name + section_names[i].len,
-				sizeof(raw_tp_btf_name) - (dst - raw_tp_btf_name));
+				sizeof(raw_tp_btf_name) - (dst - raw_tp_btf_name + 1));
 			ret = btf__find_by_name(btf, raw_tp_btf_name);
 			btf__free(btf);
 			if (ret <= 0) {
-- 
2.20.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH bpf-next] libbpf: Fix strncat bounds error in libbpf_prog_type_by_name
  2019-10-22 14:18 [PATCH bpf-next] libbpf: Fix strncat bounds error in libbpf_prog_type_by_name KP Singh
@ 2019-10-22 18:42 ` Andrii Nakryiko
  0 siblings, 0 replies; 2+ messages in thread
From: Andrii Nakryiko @ 2019-10-22 18:42 UTC (permalink / raw)
  To: KP Singh
  Cc: open list, bpf, Alexei Starovoitov, Daniel Borkmann,
	Martin KaFai Lau, Song Liu, Yonghong Song, Florent Revest

On Tue, Oct 22, 2019 at 7:19 AM KP Singh <kpsingh@chromium.org> wrote:
>
> From: KP Singh <kpsingh@google.com>
>
> On compiling samples with this change, one gets an error:
>
>  error: ‘strncat’ specified bound 118 equals destination size
>   [-Werror=stringop-truncation]
>
>     strncat(dst, name + section_names[i].len,
>     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>      sizeof(raw_tp_btf_name) - (dst - raw_tp_btf_name));
>      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> strncat requires the destination to have enough space for the
> terminating null byte.
>
> Fixes: f75a697e09137 ("libbpf: Auto-detect btf_id of BTF-based raw_tracepoint")
> Signed-off-by: KP Singh <kpsingh@google.com>
> ---
>  tools/lib/bpf/libbpf.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 9364e66d755d..5fff3f15d705 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -4666,7 +4666,7 @@ int libbpf_prog_type_by_name(const char *name, enum bpf_prog_type *prog_type,
>                         }
>                         /* prepend "btf_trace_" prefix per kernel convention */
>                         strncat(dst, name + section_names[i].len,
> -                               sizeof(raw_tp_btf_name) - (dst - raw_tp_btf_name));
> +                               sizeof(raw_tp_btf_name) - (dst - raw_tp_btf_name + 1));

Just:

sizeof(raw_tp_btf_name) - sizeof("btf_trace_")

?

>                         ret = btf__find_by_name(btf, raw_tp_btf_name);
>                         btf__free(btf);
>                         if (ret <= 0) {
> --
> 2.20.1
>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-10-22 18:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-22 14:18 [PATCH bpf-next] libbpf: Fix strncat bounds error in libbpf_prog_type_by_name KP Singh
2019-10-22 18:42 ` Andrii Nakryiko

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).