[PATCH] perf tools: Check for over-long path in is_directory()

From: Ben Hutchings
Date: Tue Nov 20 2018 - 14:41:54 EST

Next message: Manfred Spraul: "Re: [PATCH v11 2/3] ipc: Conserve sequence numbers in ipcmni_extend mode"
Previous message: Andi Kleen: "Re: [REGRESSION] x86, perf: counter freezing breaks rr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

is_directory() uses sprintf() which could potentially result in a
stack buffer overrun. Change to use snprintf() and assert that
the output fits in the buffer.

Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
A better fix would be to pass the directory fd in and use fstatat()
but I don't know whether you want to support older kernel versions
or C libraries that don't support this.

Ben.

tools/perf/util/path.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/path.c b/tools/perf/util/path.c
index ca56ba2dd3da..333e20f78ced 100644
--- a/tools/perf/util/path.c
+++ b/tools/perf/util/path.c
@@ -84,8 +84,11 @@ bool is_directory(const char *base_path, const struct dirent *dent)
{
char path[PATH_MAX];
struct stat st;
+ int len;
+
+ len = snprintf(path, sizeof(path), "%s/%s", base_path, dent->d_name);
+ assert((size_t)len < sizeof(path));

- sprintf(path, "%s/%s", base_path, dent->d_name);
if (stat(path, &st))
return false;

Attachment: signature.asc
Description: PGP signature

Next message: Manfred Spraul: "Re: [PATCH v11 2/3] ipc: Conserve sequence numbers in ipcmni_extend mode"
Previous message: Andi Kleen: "Re: [REGRESSION] x86, perf: counter freezing breaks rr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]