bpftool: Fix readlink usage in get_fd_type

[ Upstream commit 0053f7d39d491b6138d7c526876d13885cbb65f1 ]

The `readlink(path, buf, sizeof(buf))` call reads at most sizeof(buf)
bytes and *does not* append null-terminator to buf. With respect to
that, fix two pieces in get_fd_type:

1. Change the truncation check to contain sizeof(buf) rather than
   sizeof(path).
2. Append null-terminator to buf.

Reported by Coverity.

Signed-off-by: Viktor Malik <vmalik@redhat.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Quentin Monnet <qmo@kernel.org>
Link: https://lore.kernel.org/bpf/20250129071857.75182-1-vmalik@redhat.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
index b921231d602e4cb10c1da0862f78c63e47d1bc77..ecfa790adc13f22efb73355bbdc037100b4ae1c0 100644 (file)
--- a/tools/bpf/bpftool/common.c
+++ b/tools/bpf/bpftool/common.c
@@ -461,10 +461,11 @@ int get_fd_type(int fd)
                p_err("can't read link type: %s", strerror(errno));
                return -1;
        }
-       if (n == sizeof(path)) {
+       if (n == sizeof(buf)) {
                p_err("can't read link type: path too long!");
                return -1;
        }
+       buf[n] = '\0';
 
        if (strstr(buf, "bpf-map"))
                return BPF_OBJ_MAP;