bpftool: Fix readlink usage in get_fd_type

[ Upstream commit 0053f7d39d491b6138d7c526876d13885cbb65f1 ]

The `readlink(path, buf, sizeof(buf))` call reads at most sizeof(buf)
bytes and *does not* append null-terminator to buf. With respect to
that, fix two pieces in get_fd_type:

1. Change the truncation check to contain sizeof(buf) rather than
   sizeof(path).
2. Append null-terminator to buf.

Reported by Coverity.

Signed-off-by: Viktor Malik <vmalik@redhat.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Quentin Monnet <qmo@kernel.org>
Link: https://lore.kernel.org/bpf/20250129071857.75182-1-vmalik@redhat.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
index eefa2b34e641ab85294e8576f44f881cac8ed865..33065b17900faf63b98ee0dffc285279782062ba 100644 (file)
--- a/tools/bpf/bpftool/common.c
+++ b/tools/bpf/bpftool/common.c
@@ -311,10 +311,11 @@ int get_fd_type(int fd)
                p_err("can't read link type: %s", strerror(errno));
                return -1;
        }
-       if (n == sizeof(path)) {
+       if (n == sizeof(buf)) {
                p_err("can't read link type: path too long!");
                return -1;
        }
+       buf[n] = '\0';
 
        if (strstr(buf, "bpf-map"))
                return BPF_OBJ_MAP;