naccyde / rpms / iproute

Forked from rpms/iproute 9 months ago
Clone

Blame SOURCES/0005-bpf-Make-bytecode-file-reading-a-little-more-robust.patch

cd1737
From 91cda136ef27402256dbf85434374b43ab52d932 Mon Sep 17 00:00:00 2001
cd1737
From: Phil Sutter <psutter@redhat.com>
cd1737
Date: Fri, 11 Aug 2017 11:15:30 +0200
cd1737
Subject: [PATCH] bpf: Make bytecode-file reading a little more robust
cd1737
cd1737
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477491
cd1737
Upstream Status: iproute2.git commit 3da3ebfca85b8
cd1737
cd1737
commit 3da3ebfca85b8f1e8252b898453d8cb383c5c398
cd1737
Author: Phil Sutter <phil@nwl.cc>
cd1737
Date:   Wed Aug 2 14:57:56 2017 +0200
cd1737
cd1737
    bpf: Make bytecode-file reading a little more robust
cd1737
cd1737
    bpf_parse_string() will now correctly handle:
cd1737
cd1737
    - Extraneous whitespace,
cd1737
    - OPs on multiple lines and
cd1737
    - overlong file names.
cd1737
cd1737
    The added feature of allowing to have OPs on multiple lines (like e.g.
cd1737
    tcpdump prints them) is rather a side effect of fixing detection of
cd1737
    malformed bytecode files having random content on a second line, like
cd1737
    e.g.:
cd1737
cd1737
    | 4,40 0 0 12,21 0 1 2048,6 0 0 262144,6 0 0 0
cd1737
    | foobar
cd1737
cd1737
    Cc: Daniel Borkmann <daniel@iogearbox.net>
cd1737
    Signed-off-by: Phil Sutter <phil@nwl.cc>
cd1737
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
cd1737
---
cd1737
 lib/bpf.c | 32 ++++++++++++++++++++++++--------
cd1737
 1 file changed, 24 insertions(+), 8 deletions(-)
cd1737
cd1737
diff --git a/lib/bpf.c b/lib/bpf.c
d30c09
index 04ee1ab9b2bc3..73dac5c37cc91 100644
cd1737
--- a/lib/bpf.c
cd1737
+++ b/lib/bpf.c
cd1737
@@ -160,11 +160,11 @@ static int bpf_parse_string(char *arg, bool from_file, __u16 *bpf_len,
cd1737
 
cd1737
 	if (from_file) {
cd1737
 		size_t tmp_len, op_len = sizeof("65535 255 255 4294967295,");
cd1737
-		char *tmp_string, *last;
cd1737
+		char *tmp_string, *pos, c, c_prev = ' ';
cd1737
 		FILE *fp;
cd1737
 
cd1737
 		tmp_len = sizeof("4096,") + BPF_MAXINSNS * op_len;
cd1737
-		tmp_string = calloc(1, tmp_len);
cd1737
+		tmp_string = pos = calloc(1, tmp_len);
cd1737
 		if (tmp_string == NULL)
cd1737
 			return -ENOMEM;
cd1737
 
cd1737
@@ -175,17 +175,33 @@ static int bpf_parse_string(char *arg, bool from_file, __u16 *bpf_len,
cd1737
 			return -ENOENT;
cd1737
 		}
cd1737
 
cd1737
-		if (!fgets(tmp_string, tmp_len, fp)) {
cd1737
+		while ((c = fgetc(fp)) != EOF) {
cd1737
+			switch (c) {
cd1737
+			case '\n':
cd1737
+				if (c_prev != ',')
cd1737
+					*(pos++) = ',';
cd1737
+				break;
cd1737
+			case ' ':
cd1737
+			case '\t':
cd1737
+				if (c_prev != ' ')
cd1737
+					*(pos++) = c;
cd1737
+				break;
cd1737
+			default:
cd1737
+				*(pos++) = c;
cd1737
+			}
cd1737
+			if (pos - tmp_string == tmp_len)
cd1737
+				break;
cd1737
+			c_prev = c;
cd1737
+		}
cd1737
+
cd1737
+		if (!feof(fp)) {
cd1737
 			free(tmp_string);
cd1737
 			fclose(fp);
cd1737
-			return -EIO;
cd1737
+			return -E2BIG;
cd1737
 		}
cd1737
 
cd1737
 		fclose(fp);
cd1737
-
cd1737
-		last = &tmp_string[strlen(tmp_string) - 1];
cd1737
-		if (*last == '\n')
cd1737
-			*last = 0;
cd1737
+		*pos = 0;
cd1737
 
cd1737
 		*need_release = true;
cd1737
 		*bpf_string = tmp_string;
cd1737
-- 
d30c09
2.21.0
cd1737