Re: [PATCH bpf-next] libbpf: Fix strncat bounds error in libbpf_prog_type_by_name
From: Andrii Nakryiko
Date: Tue Oct 22 2019 - 14:42:31 EST
On Tue, Oct 22, 2019 at 7:19 AM KP Singh <kpsingh@xxxxxxxxxxxx> wrote:
>
> From: KP Singh <kpsingh@xxxxxxxxxx>
>
> On compiling samples with this change, one gets an error:
>
> error: âstrncatâ specified bound 118 equals destination size
> [-Werror=stringop-truncation]
>
> strncat(dst, name + section_names[i].len,
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> sizeof(raw_tp_btf_name) - (dst - raw_tp_btf_name));
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> strncat requires the destination to have enough space for the
> terminating null byte.
>
> Fixes: f75a697e09137 ("libbpf: Auto-detect btf_id of BTF-based raw_tracepoint")
> Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>
> ---
> tools/lib/bpf/libbpf.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 9364e66d755d..5fff3f15d705 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -4666,7 +4666,7 @@ int libbpf_prog_type_by_name(const char *name, enum bpf_prog_type *prog_type,
> }
> /* prepend "btf_trace_" prefix per kernel convention */
> strncat(dst, name + section_names[i].len,
> - sizeof(raw_tp_btf_name) - (dst - raw_tp_btf_name));
> + sizeof(raw_tp_btf_name) - (dst - raw_tp_btf_name + 1));
Just:
sizeof(raw_tp_btf_name) - sizeof("btf_trace_")
?
> ret = btf__find_by_name(btf, raw_tp_btf_name);
> btf__free(btf);
> if (ret <= 0) {
> --
> 2.20.1
>