From: Michael Kerrisk Date: Sat, 24 Oct 2020 08:46:28 +0000 (+0200) Subject: seccomp_user_notif.2: EXAMPLE: correct the check for NUL in buffer returned by read() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2be37e65b3e5032d266f079e02817f64179ac098;p=thirdparty%2Fman-pages.git seccomp_user_notif.2: EXAMPLE: correct the check for NUL in buffer returned by read() In the usual case, read(fd, buf, PATH_MAX) will return PATH_MAX bytes that include trailing garbage after the pathname. So the right check is to scan from the start of the buffer to see if there's a NUL, and error if there is not. Signed-off-by: Michael Kerrisk --- diff --git a/man2/seccomp_user_notif.2 b/man2/seccomp_user_notif.2 index 7ee9f866ca..3b2617ed38 100644 --- a/man2/seccomp_user_notif.2 +++ b/man2/seccomp_user_notif.2 @@ -1216,7 +1216,6 @@ getTargetPathname(struct seccomp_notif *req, int notifyFd, char *path, size_t len) { char procMemPath[PATH_MAX]; - bool res = true; snprintf(procMemPath, sizeof(procMemPath), "/proc/%d/mem", req\->pid); @@ -1247,18 +1246,19 @@ getTargetPathname(struct seccomp_notif *req, int notifyFd, exit(EXIT_FAILURE); } + if (close(procMemFd) == \-1) + errExit("close\-/proc/PID/mem"); + /* We have no guarantees about what was in the memory of the target process. We therefore treat the buffer returned by pread() as untrusted input. The buffer should be terminated by a null byte; if not, then we will trigger an error for the target process. */ - if (path[nread \- 1] != \(aq\0\(aq) - res = false; - - if (close(procMemFd) == \-1) - errExit("close\-/proc/PID/mem"); + for (int j = 0; j < nread; j++) + if (path[j] == \(aq\0\(aq) + return true; - return res; + return false; } /* Handle notifications that arrive via the SECCOMP_RET_USER_NOTIF file
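Review bot: In the second hunk of getTargetPathname(), the retained comment above the new loop still says the buffer "should be terminated by a null byte", but the loop now accepts a NUL at any offset within the first nread bytes. The comment should be reworded to match, for example "The buffer should contain a terminating null byte within the bytes read; if not, ...". The scan could also be a single call, `return memchr(path, '\0', nread) != NULL;`. That states the intent directly and avoids comparing the `int j` counter against nread, whose declaration falls outside the visible lines. Moving the close() of procMemFd ahead of the scan is the right order, since the new early `return true` would otherwise skip it.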