update(userspace): narrow down buf boundaries

jasondellaluce · poiana · commit 2fb9b3cfb092 · 2023-01-31T11:16:03.000+01:00
Signed-off-by: Jason Dellaluce &lt;jasondellaluce@gmail.com&gt;
diff --git a/userspace/libscap/linux/scap_fds.c b/userspace/libscap/linux/scap_fds.c
@@ -75,7 +75,7 @@ int32_t scap_fd_handle_pipe(struct scap_proclist* proclist, char *fname, scap_th
 	uint64_t ino;
 	struct stat sb;
 
-	r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE);
+	r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE - 1);
 	if (r <= 0)
 	{
 		return scap_errprintf(error, errno, "Could not read link %s", fname);
@@ -274,7 +274,7 @@ int32_t scap_fd_handle_regular_file(struct scap_proclist *proclist, char *fname,
 	char link_name[SCAP_MAX_PATH_SIZE];
 	ssize_t r;
 
-	r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE);
+	r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE - 1);
 	if (r <= 0)
 	{
 		return SCAP_SUCCESS;
@@ -382,7 +382,7 @@ int32_t scap_fd_handle_socket(struct scap_proclist *proclist, char *fname, scap_
 		}
 	}
 
-	r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE);
+	r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE - 1);
 	if(r <= 0)
 	{
 		return SCAP_SUCCESS;
@@ -1227,7 +1227,7 @@ int32_t scap_fd_scan_fd_dir(scap_t *handle, char *procdir, scap_threadinfo *tinf
 	// Get the network namespace of the process
 	//
 	snprintf(f_name, sizeof(f_name), "%sns/net", procdir);
-	r = readlink(f_name, link_name, sizeof(link_name));
+	r = readlink(f_name, link_name, sizeof(link_name) - 1);
 	if(r <= 0)
 	{
 		//
diff --git a/userspace/libscap/linux/scap_procs.c b/userspace/libscap/linux/scap_procs.c
@@ -557,8 +557,10 @@ int32_t scap_proc_fill_root(char* error, struct scap_threadinfo* tinfo, const ch
 {
 	char root_path[SCAP_MAX_PATH_SIZE];
 	snprintf(root_path, sizeof(root_path), "%sroot", procdirname);
-	if ( readlink(root_path, tinfo->root, sizeof(tinfo->root)) > 0)
+	ssize_t r = readlink(root_path, tinfo->root, sizeof(tinfo->root) - 1);
+	if (r > 0)
 	{
+		tinfo->root[r] = '\0';
 		return SCAP_SUCCESS;
 	}
 	else
diff --git a/userspace/libsinsp/parsers.cpp b/userspace/libsinsp/parsers.cpp
@@ -4561,6 +4561,7 @@ void sinsp_parser::parse_getcwd_exit(sinsp_evt *evt)
 
 				if(target_res > 0)
 				{
+					target_name[target_res] = '\0';
 					if(target_name != evt->m_tinfo->get_cwd())
 					{
 						printf("%s != %s", target_name, evt->m_tinfo->get_cwd().c_str());
diff --git a/userspace/libsinsp/sinsp_auth.cpp b/userspace/libsinsp/sinsp_auth.cpp
@@ -68,7 +68,7 @@ std::string sinsp_ssl::memorize_file(const std::string& disk_file)
 		char buf[FILENAME_MAX] = { 0 };
 		std::ifstream ifs(disk_file);
 		std::string fd_path = "/proc/self/fd/" + std::to_string(fd);
-		ssize_t sz = readlink(fd_path.c_str(), buf, sizeof(buf));
+		ssize_t sz = readlink(fd_path.c_str(), buf, sizeof(buf) - 1);
 		if(sz != -1 && sz <= static_cast<ssize_t>(sizeof(buf)))
 		{
 			mem_file.assign(buf, sz);

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ int32_t scap_fd_handle_pipe(struct scap_proclist* proclist, char *fname, scap_th`
`75`	`75`	`uint64_t ino;`
`76`	`76`	`struct stat sb;`
`77`	`77`
`78`		`- r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE);`
	`78`	`+ r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE - 1);`
`79`	`79`	`if (r <= 0)`
`80`	`80`	`{`
`81`	`81`	`return scap_errprintf(error, errno, "Could not read link %s", fname);`
`@@ -274,7 +274,7 @@ int32_t scap_fd_handle_regular_file(struct scap_proclist proclist, char fname,`
`274`	`274`	`char link_name[SCAP_MAX_PATH_SIZE];`
`275`	`275`	`ssize_t r;`
`276`	`276`
`277`		`- r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE);`
	`277`	`+ r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE - 1);`
`278`	`278`	`if (r <= 0)`
`279`	`279`	`{`
`280`	`280`	`return SCAP_SUCCESS;`
`@@ -382,7 +382,7 @@ int32_t scap_fd_handle_socket(struct scap_proclist proclist, char fname, scap_`
`382`	`382`	`}`
`383`	`383`	`}`
`384`	`384`
`385`		`- r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE);`
	`385`	`+ r = readlink(fname, link_name, SCAP_MAX_PATH_SIZE - 1);`
`386`	`386`	`if(r <= 0)`
`387`	`387`	`{`
`388`	`388`	`return SCAP_SUCCESS;`
`@@ -1227,7 +1227,7 @@ int32_t scap_fd_scan_fd_dir(scap_t handle, char procdir, scap_threadinfo *tinf`
`1227`	`1227`	`// Get the network namespace of the process`
`1228`	`1228`	`//`
`1229`	`1229`	`snprintf(f_name, sizeof(f_name), "%sns/net", procdir);`
`1230`		`- r = readlink(f_name, link_name, sizeof(link_name));`
	`1230`	`+ r = readlink(f_name, link_name, sizeof(link_name) - 1);`
`1231`	`1231`	`if(r <= 0)`
`1232`	`1232`	`{`
`1233`	`1233`	`//`
Original file line number	Diff line number	Diff line change
`@@ -557,8 +557,10 @@ int32_t scap_proc_fill_root(char* error, struct scap_threadinfo* tinfo, const ch`
`557`	`557`	`{`
`558`	`558`	`char root_path[SCAP_MAX_PATH_SIZE];`
`559`	`559`	`snprintf(root_path, sizeof(root_path), "%sroot", procdirname);`
`560`		`- if ( readlink(root_path, tinfo->root, sizeof(tinfo->root)) > 0)`
	`560`	`+ ssize_t r = readlink(root_path, tinfo->root, sizeof(tinfo->root) - 1);`
	`561`	`+ if (r > 0)`
`561`	`562`	`{`
	`563`	`+ tinfo->root[r] = '\0';`
`562`	`564`	`return SCAP_SUCCESS;`
`563`	`565`	`}`
`564`	`566`	`else`
Original file line number	Diff line number	Diff line change
`@@ -4561,6 +4561,7 @@ void sinsp_parser::parse_getcwd_exit(sinsp_evt *evt)`
`4561`	`4561`
`4562`	`4562`	`if(target_res > 0)`
`4563`	`4563`	`{`
	`4564`	`+ target_name[target_res] = '\0';`
`4564`	`4565`	`if(target_name != evt->m_tinfo->get_cwd())`
`4565`	`4566`	`{`
`4566`	`4567`	`printf("%s != %s", target_name, evt->m_tinfo->get_cwd().c_str());`
Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ std::string sinsp_ssl::memorize_file(const std::string& disk_file)`
`68`	`68`	`char buf[FILENAME_MAX] = { 0 };`
`69`	`69`	`std::ifstream ifs(disk_file);`
`70`	`70`	`std::string fd_path = "/proc/self/fd/" + std::to_string(fd);`
`71`		`- ssize_t sz = readlink(fd_path.c_str(), buf, sizeof(buf));`
	`71`	`+ ssize_t sz = readlink(fd_path.c_str(), buf, sizeof(buf) - 1);`
`72`	`72`	`if(sz != -1 && sz <= static_cast<ssize_t>(sizeof(buf)))`
`73`	`73`	`{`
`74`	`74`	`mem_file.assign(buf, sz);`