| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260106133655.249887-17-wander@redhat.com> Date: Tue, 6 Jan 2026 08:49:52 -0300 From: Wander Lairson Costa <wander@...hat.com> To: Steven Rostedt <rostedt@...dmis.org>, Tomas Glozar <tglozar@...hat.com>, Wander Lairson Costa <wander@...hat.com>, Ivan Pravdin <ipravdin.official@...il.com>, Crystal Wood <crwood@...hat.com>, Costa Shulyupin <costa.shul@...hat.com>, John Kacur <jkacur@...hat.com>, Tiezhu Yang <yangtiezhu@...ngson.cn>, linux-trace-kernel@...r.kernel.org (open list:Real-time Linux Analysis (RTLA) tools), linux-kernel@...r.kernel.org (open list:Real-time Linux Analysis (RTLA) tools), bpf@...r.kernel.org (open list:BPF [MISC]:Keyword:(?:\b|_)bpf(?:\b|_)) Subject: [PATCH v2 16/18] rtla: Ensure null termination after read operations in utils.c Add explicit null termination and buffer initialization for read() operations in procfs_is_workload_pid() and get_self_cgroup() functions. The read() system call does not null-terminate the data it reads, and when the buffer is filled to capacity, subsequent string operations will read past the buffer boundary searching for a null terminator. In procfs_is_workload_pid(), explicitly set buffer[MAX_PATH-1] to '\0' to ensure the buffer is always null-terminated before passing it to strncmp(). In get_self_cgroup(), use memset() to zero the path buffer before reading, which ensures null termination when retval is less than MAX_PATH. Additionally, set path[MAX_PATH-1] to '\0' after the read to handle the case where the buffer is filled completely. These defensive buffer handling practices prevent potential buffer overruns and align with the ongoing buffer safety improvements across the rtla codebase. Signed-off-by: Wander Lairson Costa <wander@...hat.com> --- tools/tracing/rtla/src/utils.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/tracing/rtla/src/utils.c b/tools/tracing/rtla/src/utils.c index e0f31e5cae844..508b8891acd86 100644 --- a/tools/tracing/rtla/src/utils.c +++ b/tools/tracing/rtla/src/utils.c @@ -317,6 +317,7 @@ static int procfs_is_workload_pid(const char *comm_prefix, struct dirent *proc_e if (retval <= 0) return 0; + buffer[MAX_PATH-1] = '\0'; retval = strncmp(comm_prefix, buffer, strlen(comm_prefix)); if (retval) return 0; @@ -750,6 +751,7 @@ static int get_self_cgroup(char *self_cg, int sizeof_self_cg) if (fd < 0) return 0; + memset(path, 0, sizeof(path)); retval = read(fd, path, MAX_PATH); close(fd); @@ -757,6 +759,7 @@ static int get_self_cgroup(char *self_cg, int sizeof_self_cg) if (retval <= 0) return 0; + path[MAX_PATH-1] = '\0'; start = path; start = strstr(start, ":"); -- 2.52.0
Powered by blists - more mailing lists