diff options
| author | Azeem Shaikh <azeemshaikh38@gmail.com> | 2023-05-30 15:56:59 +0000 |
|---|---|---|
| committer | Daniel Borkmann <daniel@iogearbox.net> | 2023-05-31 13:04:20 +0200 |
| commit | ffadc372529e268b54c5b98f56da07d8024fa1cb (patch) | |
| tree | 6ed4d16e41bb83401a3372149a28cb21dabb2c8c /kernel/bpf/preload | |
| parent | 0d2da4b595d03009db7dfb5ebf01c547b89b0ad8 (diff) | |
bpf: Replace all non-returning strlcpy with strscpy
strlcpy() reads the entire source buffer first. This read may exceed the
destination size limit. This is both inefficient and can lead to linear
read overflows if a source string is not NUL-terminated [1]. This is not
the case here, however, in an effort to remove strlcpy() completely [2],
lets replace strlcpy() here with strscpy(). No return values were used,
so a direct replacement is safe.
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
[2] https://github.com/KSPP/linux/issues/89
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/bpf/20230530155659.309657-1-azeemshaikh38@gmail.com
Diffstat (limited to 'kernel/bpf/preload')
| -rw-r--r-- | kernel/bpf/preload/bpf_preload_kern.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/bpf/preload/bpf_preload_kern.c b/kernel/bpf/preload/bpf_preload_kern.c index b56f9f3314fd..0c63bc2cd895 100644 --- a/kernel/bpf/preload/bpf_preload_kern.c +++ b/kernel/bpf/preload/bpf_preload_kern.c @@ -23,9 +23,9 @@ static void free_links_and_skel(void) static int preload(struct bpf_preload_info *obj) { - strlcpy(obj[0].link_name, "maps.debug", sizeof(obj[0].link_name)); + strscpy(obj[0].link_name, "maps.debug", sizeof(obj[0].link_name)); obj[0].link = maps_link; - strlcpy(obj[1].link_name, "progs.debug", sizeof(obj[1].link_name)); + strscpy(obj[1].link_name, "progs.debug", sizeof(obj[1].link_name)); obj[1].link = progs_link; return 0; } |