tools/bpf/bpftool: fix buffer handling in get_fd_type()

kaushlen · Kernel Patches Daemon · commit 7015d3d43498 · 2025-09-04T09:02:14.000-07:00
The current check "if (n == sizeof(buf))" is incorrect for detecting
buffer overflow from readlink(). When readlink() fills the entire
buffer, it returns sizeof(buf) but does not null-terminate the string,
leading to potential buffer overrun in subsequent string operations.

Fix by changing the condition to "n &gt;= sizeof(buf)" to properly detect
when the buffer is completely filled, ensuring space is reserved for
null termination.

Signed-off-by: Kaushlendra Kumar &lt;kaushlendra.kumar@intel.com&gt;
diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
@@ -466,7 +466,7 @@ int get_fd_type(int fd)
 		p_err("can't read link type: %s", strerror(errno));
 		return -1;
 	}
-	if (n == sizeof(buf)) {
+	if (n >= sizeof(buf)) {
 		p_err("can't read link type: path too long!");
 		return -1;
 	}

Original file line number	Diff line number	Diff line change
`@@ -466,7 +466,7 @@ int get_fd_type(int fd)`
`466`	`466`	`p_err("can't read link type: %s", strerror(errno));`
`467`	`467`	`return -1;`
`468`	`468`	`}`
`469`		`- if (n == sizeof(buf)) {`
	`469`	`+ if (n >= sizeof(buf)) {`
`470`	`470`	`p_err("can't read link type: path too long!");`
`471`	`471`	`return -1;`
`472`	`472`	`}`