fix(modern_bpf): avoid overflow reading sockaddr_storage
Signed-off-by: Roberto Scolaro <[email protected]>
therealbobo committed May 3, 2024
1 parent 7a06f8a commit 961728b
Showing 1 changed file with 5 additions and 1 deletion.
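--- a/driver/modern_bpf/helpers/store/auxmap_store_params.h
+++ b/driver/modern_bpf/helpers/store/auxmap_store_params.h
@@ -601,6 +601,9 @@ static __always_inline void auxmap__store_sockaddr_param(struct auxiliary_map *a
 /* Map the user-provided address to a sockaddr_un. */
 struct sockaddr_un *sockaddr_un = (struct sockaddr_un *)sockaddr;
 
+if (addrlen == sizeof(struct __kernel_sockaddr_storage))
+addrlen -= 1;
+
 /* Starting at `sockaddr_un` we have the socket family and after it
 * the `sun_path`.
 *
@@ -620,6 +623,7 @@ static __always_inline void auxmap__store_sockaddr_param(struct auxiliary_map *a
 {
 /* This is an abstract socket address, we need to skip the initial `\0`. */
 start_reading_point = (unsigned long)sockaddr_un->sun_path + 1;
+addrlen -= 1;
 }
 else
 {
@@ -631,7 +635,7 @@ static __always_inline void auxmap__store_sockaddr_param(struct auxiliary_map *a
 * - socket_unix_path (sun_path).
 */
 push__u8(auxmap->data, &auxmap->payload_pos, socket_family_to_scap(socket_family));
-uint16_t written_bytes = push__charbuf(auxmap->data, &auxmap->payload_pos, start_reading_point, MAX_UNIX_SOCKET_PATH, KERNEL);
+uint16_t written_bytes = push__charbuf(auxmap->data, &auxmap->payload_pos, start_reading_point, addrlen, KERNEL);
 final_param_len = FAMILY_SIZE + written_bytes;
 break;
 }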
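Review bot: The limit now passed to `push__charbuf` is the whole `addrlen`, yet the read starts at `sun_path`, after the `sun_family` field, so the limit still counts the family bytes and appears able to run past the end of the stored address when the path has no terminating NUL; the previous `MAX_UNIX_SOCKET_PATH` cap is also gone. Both `addrlen -= 1` adjustments are unguarded, so if `addrlen` is unsigned and arrives as 0 the abstract-socket branch would wrap it to a very large limit (its declaration and any earlier validation are outside these hunks, as are the start and end of the function). I would derive the path limit explicitly, e.g. `uint16_t path_len = addrlen > sizeof(sockaddr_un->sun_family) ? addrlen - sizeof(sockaddr_un->sun_family) : 0;`, subtract one more for the abstract case only when `path_len > 0`, and clamp the result to `MAX_UNIX_SOCKET_PATH` before the call. A short comment on the `sizeof(struct __kernel_sockaddr_storage)` check saying why exactly one byte is dropped would also help the next reader.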
