selftests/bpf: Prevent out-of-bounds stack access in test_bpffs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Buf can be not zero-terminated leading to strstr() to access data beyond
the intended buf[] array. Fix by forcing zero termination.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20211124002325.1737739-12-andrii@kernel.org

authored by

Andrii Nakryiko and committed by

Daniel Borkmann 4 years ago 57428298 e2e0d90c

+3 -1

1 changed file

expand all

tools

testing

selftests

bpf

prog_tests

test_bpffs.c

+3 -1

tools/testing/selftests/bpf/prog_tests/test_bpffs.c

··· 19 19 fd = open(file, 0); 20 20 if (fd < 0) 21 21 return -1; 22 - while ((len = read(fd, buf, sizeof(buf))) > 0) 22 + while ((len = read(fd, buf, sizeof(buf))) > 0) { 23 + buf[sizeof(buf) - 1] = '\0'; 23 24 if (strstr(buf, "iter")) { 24 25 close(fd); 25 26 return 0; 26 27 } 28 + } 27 29 close(fd); 28 30 return -1; 29 31 }