bpf: Change bpf_obj_name_cpy() to better ensure map's name is init by 0

During get_info_by_fd, the prog/map name is memcpy-ed. It depends on the prog->aux->name and map->name to be zero initialized. bpf_prog_aux is easy to guarantee that aux->name is zero init. The name in bpf_map may be harder to be guaranteed in the future when new map type is added. Hence, this patch makes bpf_obj_name_cpy() to always zero init the prog/map name. Suggested-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Martin KaFai Lau <kafai@fb.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Martin KaFai Lau <kafai@fb.com> 2017-10-05 21:52:11 -0700
committer: David S. Miller <davem@davemloft.net> 2017-10-07 23:29:39 +0100
commit: 473d97343f94ff20f5196078314e4dd83156d3a2 (patch)
tree: 0b740f409d0dd6eea79ff5b16c0711232d4e0e61 /kernel/bpf
parent: f192970de860d3ab90aa9e2a22853201a57bde78 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 0048cb24ba7b..d124e702e040 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -322,6 +322,8 @@ static int bpf_obj_name_cpy(char *dst, const char *src)
 {
 	const char *end = src + BPF_OBJ_NAME_LEN;
 
+	memset(dst, 0, BPF_OBJ_NAME_LEN);
+
 	/* Copy all isalnum() and '_' char */
 	while (src < end && *src) {
 		if (!isalnum(*src) && *src != '_')
@@ -333,9 +335,6 @@ static int bpf_obj_name_cpy(char *dst, const char *src)
 	if (src == end)
 		return -EINVAL;
 
-	/* '\0' terminates dst */
-	*dst = 0;
-
 	return 0;
 }
author	Martin KaFai Lau <kafai@fb.com>	2017-10-05 21:52:11 -0700
committer	David S. Miller <davem@davemloft.net>	2017-10-07 23:29:39 +0100
commit	473d97343f94ff20f5196078314e4dd83156d3a2 (patch)
tree	0b740f409d0dd6eea79ff5b16c0711232d4e0e61 /kernel/bpf
parent	f192970de860d3ab90aa9e2a22853201a57bde78 (diff)