From 3e93457d5f21cdc02f18293de0c2203481ce70b0 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 3 Jan 2019 23:36:22 +0000 Subject: [PATCH] tests: use tail_alloc instead of calloc in bpf-obj_get_info_by_fd-prog* This guarantees that map_info and prog_info objects are not accessed out of bounds. * tests/bpf-obj_get_info_by_fd.c: Include . (main): Use tail_alloc instead of calloc for map_info and prog_info. --- tests/bpf-obj_get_info_by_fd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/bpf-obj_get_info_by_fd.c b/tests/bpf-obj_get_info_by_fd.c index e95afda2..de23831a 100644 --- a/tests/bpf-obj_get_info_by_fd.c +++ b/tests/bpf-obj_get_info_by_fd.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -274,13 +275,14 @@ main(void) * initializer element is not constant. */ #define MAP_INFO_SZ (sizeof(*map_info) + 64) - struct bpf_map_info_struct *map_info = calloc(1, MAP_INFO_SZ); + struct bpf_map_info_struct *map_info = tail_alloc(MAP_INFO_SZ); struct BPF_OBJ_GET_INFO_BY_FD_struct bpf_map_get_info_attr = { .bpf_fd = map_fd, .info_len = MAP_INFO_SZ, .info = (uintptr_t) map_info, }; + memset(map_info, 0, MAP_INFO_SZ); int ret = sys_bpf(BPF_OBJ_GET_INFO_BY_FD, &bpf_map_get_info_attr, sizeof(bpf_map_get_info_attr)); if (ret < 0) @@ -330,7 +332,7 @@ main(void) * initializer element is not constant. */ # define PROG_INFO_SZ (sizeof(*prog_info) + 64) - struct bpf_prog_info_struct *prog_info = calloc(1, PROG_INFO_SZ); + struct bpf_prog_info_struct *prog_info = tail_alloc(PROG_INFO_SZ); struct bpf_insn *xlated_prog = tail_alloc(sizeof(*xlated_prog) * 42); uint32_t *map_ids = tail_alloc(sizeof(*map_ids) * 2); struct BPF_OBJ_GET_INFO_BY_FD_struct bpf_prog_get_info_attr = { @@ -340,6 +342,7 @@ main(void) }; size_t old_prog_info_len = PROG_INFO_SZ; + memset(prog_info, 0, PROG_INFO_SZ); for (unsigned int i = 0; i < 4; i++) { prog_info->jited_prog_len = 0; switch (i) { -- 2.40.0