bpftool: Fix readlink usage in get_fd_type

[ Upstream commit 0053f7d39d491b6138d7c526876d13885cbb65f1 ]

The `readlink(path, buf, sizeof(buf))` call reads at most sizeof(buf)
bytes and *does not* append null-terminator to buf. With respect to
that, fix two pieces in get_fd_type:

1. Change the truncation check to contain sizeof(buf) rather than
   sizeof(path).
2. Append null-terminator to buf.

Reported by Coverity.

Signed-off-by: Viktor Malik <vmalik@redhat.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Quentin Monnet <qmo@kernel.org>
Link: https://lore.kernel.org/bpf/20250129071857.75182-1-vmalik@redhat.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
index e4c65d34fe74f5a4adb829b8b992c9ce2901d64e..2b4773e00ab68f26252ae84a95f65d61885a1509 100644 (file)
--- a/tools/bpf/bpftool/common.c
+++ b/tools/bpf/bpftool/common.c
@@ -318,10 +318,11 @@ int get_fd_type(int fd)
                p_err("can't read link type: %s", strerror(errno));
                return -1;
        }
-       if (n == sizeof(path)) {
+       if (n == sizeof(buf)) {
                p_err("can't read link type: path too long!");
                return -1;
        }
+       buf[n] = '\0';
 
        if (strstr(buf, "bpf-map"))
                return BPF_OBJ_MAP;