From: Andrii Nakryiko <andrii@kernel.org> mainline inclusion from mainline-5.17-rc1 commit 57428298b5acf2ba2dd98359c532774f6eaeecb3 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I5EUVD CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... ------------------------------------------------- Buf can be not zero-terminated leading to strstr() to access data beyond the intended buf[] array. Fix by forcing zero termination. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20211124002325.1737739-12-andrii@kernel.org (cherry picked from commit 57428298b5acf2ba2dd98359c532774f6eaeecb3) Signed-off-by: Wang Yufen <wangyufen@huawei.com> --- tools/testing/selftests/bpf/prog_tests/test_bpffs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c index 172c999e523c..506e098b17db 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c +++ b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c @@ -18,11 +18,13 @@ static int read_iter(char *file) fd = open(file, 0); if (fd < 0) return -1; - while ((len = read(fd, buf, sizeof(buf))) > 0) + while ((len = read(fd, buf, sizeof(buf))) > 0) { + buf[sizeof(buf) - 1] = '\0'; if (strstr(buf, "iter")) { close(fd); return 0; } + } close(fd); return -1; } -- 2.20.1