tools/bpf/bpftool: fix buffer handling in get_fd_type()

kaushlen · Kernel Patches Daemon · commit 8ea2329aabcf · 2025-09-01T02:31:37.000-07:00
The current check "if (n == sizeof(buf))" is incorrect for detecting
buffer overflow from readlink(). When readlink() fills the entire
buffer, it returns sizeof(buf) but does not null-terminate the string,
leading to potential buffer overrun in subsequent string operations.

Fix by changing the condition to "n &gt;= sizeof(buf)" to properly detect
when the buffer is completely filled, ensuring space is reserved for
null termination.

Signed-off-by: Kaushlendra Kumar &lt;kaushlendra.kumar@intel.com&gt;
diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
@@ -464,7 +464,7 @@ int get_fd_type(int fd)
 		p_err("can't read link type: %s", strerror(errno));
 		return -1;
 	}
-	if (n == sizeof(buf)) {
+	if (n >= sizeof(buf)) {
 		p_err("can't read link type: path too long!");
 		return -1;
 	}

Original file line number	Diff line number	Diff line change
`@@ -464,7 +464,7 @@ int get_fd_type(int fd)`
`464`	`464`	`p_err("can't read link type: %s", strerror(errno));`
`465`	`465`	`return -1;`
`466`	`466`	`}`
`467`		`- if (n == sizeof(buf)) {`
	`467`	`+ if (n >= sizeof(buf)) {`
`468`	`468`	`p_err("can't read link type: path too long!");`
`469`	`469`	`return -1;`
`470`	`470`	`}`