libbpf: fix an snprintf() overflow check
author Dan Carpenter <dan.carpenter@oracle.com>
Tue, 19 Jul 2022 09:51:28 +0000 (12:51 +0300)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Aug 2022 12:23:32 +0000 (14:23 +0200)
[ Upstream commit b77ffb30cfc5f58e957571d8541c6a7e3da19221 ]

The snprintf() function returns the number of bytes it *would* have
copied if there were enough space.  So it can return > the
sizeof(gen->attach_target).

Fixes: 67234743736a ("libbpf: Generate loader program out of BPF ELF file.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/r/YtZ+oAySqIhFl6/J@kili
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
tools/lib/bpf/gen_loader.c

index 33c19590ee4341c89f0c5b3760667e32050e8204..4435c09fe132fb053ed3dfeec8006517060c4a58 100644 (file)
@@ -480,7 +480,7 @@ void bpf_gen__record_attach_target(struct bpf_gen *gen, const char *attach_name,
        gen->attach_kind = kind;
        ret = snprintf(gen->attach_target, sizeof(gen->attach_target), "%s%s",
                       prefix, attach_name);
-       if (ret == sizeof(gen->attach_target))
+       if (ret >= sizeof(gen->attach_target))
                gen->error = -ENOSPC;
 }
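
Review bot: On the changed `if (ret >= sizeof(gen->attach_target))` line, a negative return from snprintf() is caught only implicitly, through conversion of a signed `ret` to a large unsigned value in the comparison with sizeof; the declaration of `ret` is not in this hunk, so its type is worth confirming. Writing `if (ret < 0 || ret >= sizeof(gen->attach_target))` would make the error case explicit and independent of that conversion. Separately, the function is void and on truncation the shortened, NUL-terminated string stays in gen->attach_target with only gen->error set, so a one-line comment that callers must check gen->error before using the buffer would help.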