libbpf: Fix out-of-bound read

[ Upstream commit 236d3910117e9f97ebf75e511d8bcc950f1a4e5f ] In `set_kcfg_value_str`, an untrusted string is accessed with the assumption that it will be at least two characters long due to the presence of checks for opening and closing quotes. But the check for the closing quote (value[len - 1] != '"') misses the fact that it could be checking the opening quote itself in case of an invalid input that consists of just the opening quote. This commit adds an explicit check to make sure the string is at least two characters long. Signed-off-by: Nandakumar Edamana <nandakumar@nandakumar.co.in> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20250221210110.3182084-1-nandakumar@nandakumar.co.in Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Nandakumar Edamana <nandakumar@nandakumar.co.in> 2025-02-22 02:31:11 +0530
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-06-04 14:42:06 +0200
commit: ecd205a5241dff6b9030aa69f90c65a364511adb (patch)
tree: 48144dba2da8fd028662c473d6a197911dfd4665 /tools/lib/bpf/libbpf.c
parent: e17a6ba07929b693657bcc00c9393d3926a73a32 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 2fad178949ef..fa2abe56e845 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -1802,7 +1802,7 @@ static int set_kcfg_value_str(struct extern_desc *ext, char *ext_val,
 	}
 
 	len = strlen(value);
-	if (value[len - 1] != '"') {
+	if (len < 2 || value[len - 1] != '"') {
 		pr_warn("extern (kcfg) '%s': invalid string config '%s'\n",
 			ext->name, value);
 		return -EINVAL;
author	Nandakumar Edamana <nandakumar@nandakumar.co.in>	2025-02-22 02:31:11 +0530
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-06-04 14:42:06 +0200
commit	ecd205a5241dff6b9030aa69f90c65a364511adb (patch)
tree	48144dba2da8fd028662c473d6a197911dfd4665 /tools/lib/bpf/libbpf.c
parent	e17a6ba07929b693657bcc00c9393d3926a73a32 (diff)