The current check "if (n == sizeof(buf))" is incorrect for detecting
buffer overflow from readlink(). When readlink() fills the entire
buffer, it returns sizeof(buf) but does not null-terminate the string,
leading to potential buffer overrun in subsequent string operations.
Fix by changing the condition to "n >= sizeof(buf)" to properly detect
when the buffer is completely filled, ensuring space is reserved for
null termination.
Signed-off-by: Kaushlendra Kumar <kaushlendra.kumar@xxxxxxxxx>
---
tools/bpf/bpftool/common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
index b07317d2842f..eebaa6896bd1 100644
--- a/tools/bpf/bpftool/common.c
+++ b/tools/bpf/bpftool/common.c
@@ -464,7 +464,7 @@ int get_fd_type(int fd)
p_err("can't read link type: %s", strerror(errno));
return -1;
}
- if (n == sizeof(buf)) {
+ if (n >= sizeof(buf)) {
p_err("can't read link type: path too long!");
return -1;
}
--
2.34.1
