libbpf-tools/bitesize.bpf.c: Fix potential out-of-bounds access in comm_allowed function

chudihuang · yonghong-song · commit d4e505c1e4ed · 2024-06-16T09:45:07.000-07:00
fixes a potential out-of-bounds access in the comm_allowed function. Previously, the condition
in the for loop checked the value of targ_comm[i] before ensuring that i is less than TASK_COMM_LEN.
This could lead to out-of-bounds access if i equals TASK_COMM_LEN.

The condition in the for loop has been updated to check that i is less than TASK_COMM_LEN
before accessing targ_comm[i]. This ensures that targ_comm is not accessed out-of-bounds.
diff --git a/libbpf-tools/bitesize.bpf.c b/libbpf-tools/bitesize.bpf.c
@@ -27,7 +27,7 @@ static __always_inline bool comm_allowed(const char *comm)
 {
 	int i;
 
-	for (i = 0; targ_comm[i] != '\0' && i < TASK_COMM_LEN; i++) {
+	for (i = 0; i < TASK_COMM_LEN && targ_comm[i] != '\0'; i++) {
 		if (comm[i] != targ_comm[i])
 			return false;
 	}

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ static __always_inline bool comm_allowed(const char *comm)`
`27`	`27`	`{`
`28`	`28`	`int i;`
`29`	`29`
`30`		`- for (i = 0; targ_comm[i] != '\0' && i < TASK_COMM_LEN; i++) {`
	`30`	`+ for (i = 0; i < TASK_COMM_LEN && targ_comm[i] != '\0'; i++) {`
`31`	`31`	`if (comm[i] != targ_comm[i])`
`32`	`32`	`return false;`
`33`	`33`	`}`