* [PATCH] perf tools: Check for over-long path in is_directory()
@ 2018-11-20 19:41 Ben Hutchings
0 siblings, 0 replies; only message in thread
From: Ben Hutchings @ 2018-11-20 19:41 UTC (permalink / raw)
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo; +Cc: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 1022 bytes --]
is_directory() uses sprintf() which could potentially result in a
stack buffer overrun. Change to use snprintf() and assert that
the output fits in the buffer.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
A better fix would be to pass the directory fd in and use fstatat()
but I don't know whether you want to support older kernel versions
or C libraries that don't support this.
Ben.
tools/perf/util/path.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/path.c b/tools/perf/util/path.c
index ca56ba2dd3da..333e20f78ced 100644
--- a/tools/perf/util/path.c
+++ b/tools/perf/util/path.c
@@ -84,8 +84,11 @@ bool is_directory(const char *base_path, const struct dirent *dent)
{
char path[PATH_MAX];
struct stat st;
+ int len;
+
+ len = snprintf(path, sizeof(path), "%s/%s", base_path, dent->d_name);
+ assert((size_t)len < sizeof(path));
- sprintf(path, "%s/%s", base_path, dent->d_name);
if (stat(path, &st))
return false;
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2018-11-20 19:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-20 19:41 [PATCH] perf tools: Check for over-long path in is_directory() Ben Hutchings
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).