From 961728b590cee430ce2fb7a22300869f505823cb Mon Sep 17 00:00:00 2001
From: Roberto Scolaro
Date: Fri, 3 May 2024 14:02:50 +0000
Subject: [PATCH] fix(modern_bpf): avoid overflow reading sockaddr_storage

Signed-off-by: Roberto Scolaro
---
 driver/modern_bpf/helpers/store/auxmap_store_params.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/driver/modern_bpf/helpers/store/auxmap_store_params.h b/driver/modern_bpf/helpers/store/auxmap_store_params.h
index 8bb6f8a9c1..56bcd753e9 100644
--- a/driver/modern_bpf/helpers/store/auxmap_store_params.h
+++ b/driver/modern_bpf/helpers/store/auxmap_store_params.h
@@ -601,6 +601,9 @@ static __always_inline void auxmap__store_sockaddr_param(struct auxiliary_map *a
 /* Map the user-provided address to a sockaddr_un. */
 struct sockaddr_un *sockaddr_un = (struct sockaddr_un *)sockaddr;
+ if (addrlen == sizeof(struct __kernel_sockaddr_storage))
+ addrlen -= 1;
+
 /* Starting at `sockaddr_un` we have the socket family and after it
 * the `sun_path`.
 *
@@ -620,6 +623,7 @@ static __always_inline void auxmap__store_sockaddr_param(struct auxiliary_map *a
 {
 /* This is an abstract socket address, we need to skip the initial `\0`. */
 start_reading_point = (unsigned long)sockaddr_un->sun_path + 1;
+ addrlen -= 1;
 }
 else
 {
@@ -631,7 +635,7 @@ static __always_inline void auxmap__store_sockaddr_param(struct auxiliary_map *a
 * - socket_unix_path (sun_path).
 */
 push__u8(auxmap->data, &auxmap->payload_pos, socket_family_to_scap(socket_family));
- uint16_t written_bytes = push__charbuf(auxmap->data, &auxmap->payload_pos, start_reading_point, MAX_UNIX_SOCKET_PATH, KERNEL);
+ uint16_t written_bytes = push__charbuf(auxmap->data, &auxmap->payload_pos, start_reading_point, addrlen, KERNEL);
 final_param_len = FAMILY_SIZE + written_bytes;
 break;
 }
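Review bot: The guard added in the first hunk fires only when `addrlen` equals `sizeof(struct __kernel_sockaddr_storage)` exactly, so any larger value would reach the later read unclamped, and nothing explains which byte the `- 1` reserves. Whether a caller can hand in a larger length is not visible from this hunk, but an upper clamp does not depend on that: `if (addrlen >= sizeof(struct __kernel_sockaddr_storage)) addrlen = sizeof(struct __kernel_sockaddr_storage) - 1;`. It should also be braced like the `if`/`else` in the second hunk and carry a one-line comment stating why the last byte is excluded. The body of auxmap__store_sockaddr_param starts and ends outside the hunk.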
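Review bot: `addrlen -= 1;` in the abstract-socket branch of the second hunk has no lower bound, so if `addrlen` is an unsigned type (its declaration is outside the hunk) and arrives here as 0, it would wrap to a very large limit for the `push__charbuf` call in the third hunk. A guard such as `if (addrlen > 0) addrlen -= 1;` closes that case. The existing comment could also say that the length is shortened to match the skipped byte, e.g. `/* Abstract socket: skip the initial \0 and shrink the read length by the same byte. */`.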
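Review bot: Replacing `MAX_UNIX_SOCKET_PATH` with `addrlen` in the third hunk removes the fixed upper bound on the read from `start_reading_point`, leaving the copy limited only by a length that arrives together with the address. From the visible lines `addrlen` appears to describe the whole sockaddr while the read starts at `sun_path`, so unless lines outside the hunks subtract the family size, the limit may overshoot the path by those bytes. Keeping both bounds is the safer form: pass `addrlen < MAX_UNIX_SOCKET_PATH ? addrlen : MAX_UNIX_SOCKET_PATH` as the length. The comment above the pushes should note that the length is caller-supplied and capped.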