tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

selftests/bpf: xdp_hw_metadata use strncpy for ifname

The ifname char pointer is taken directly from the command line
as input and the string is copied directly into struct ifreq
via strcpy. This makes it easy to corrupt other members of ifreq
and generally do stack overflows.

Most often the ioctl will fail with:

./xdp_hw_metadata: ioctl(SIOCETHTOOL): Bad address

As people will likely copy-paste code for getting NIC queue
channels (rxq_num) and enabling HW timestamping (hwtstamp_ioctl)
lets make this code a bit more secure by using strncpy.

Fixes: 297a3f124155 ("selftests/bpf: Simple program to dump XDP RX metadata")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/bpf/167527272543.937063.16993147790832546209.stgit@firesoul

authored by

Jesper Dangaard Brouer and committed by
Daniel Borkmann e8a3c8bd 7bd4224d

+2 -2
+2 -2
tools/testing/selftests/bpf/xdp_hw_metadata.c
··· 270 270 struct ifreq ifr = { 271 271 .ifr_data = (void *)&ch, 272 272 }; 273 - strcpy(ifr.ifr_name, ifname); 273 + strncpy(ifr.ifr_name, ifname, IF_NAMESIZE - 1); 274 274 int fd, ret; 275 275 276 276 fd = socket(AF_UNIX, SOCK_DGRAM, 0); ··· 291 291 struct ifreq ifr = { 292 292 .ifr_data = (void *)cfg, 293 293 }; 294 - strcpy(ifr.ifr_name, ifname); 294 + strncpy(ifr.ifr_name, ifname, IF_NAMESIZE - 1); 295 295 int fd, ret; 296 296 297 297 fd = socket(AF_UNIX, SOCK_DGRAM, 0);