[PATCH] perf tools: Check for over-long path in is_directory()
From: Ben Hutchings
Date: Tue Nov 20 2018 - 14:41:54 EST
is_directory() uses sprintf() which could potentially result in a
stack buffer overrun. Change to use snprintf() and assert that
the output fits in the buffer.
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
A better fix would be to pass the directory fd in and use fstatat()
but I don't know whether you want to support older kernel versions
or C libraries that don't support this.
Ben.
tools/perf/util/path.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/path.c b/tools/perf/util/path.c
index ca56ba2dd3da..333e20f78ced 100644
--- a/tools/perf/util/path.c
+++ b/tools/perf/util/path.c
@@ -84,8 +84,11 @@ bool is_directory(const char *base_path, const struct dirent *dent)
{
char path[PATH_MAX];
struct stat st;
+ int len;
+
+ len = snprintf(path, sizeof(path), "%s/%s", base_path, dent->d_name);
+ assert((size_t)len < sizeof(path));
- sprintf(path, "%s/%s", base_path, dent->d_name);
if (stat(path, &st))
return false;
Attachment:
signature.asc
Description: PGP signature