From 75b51832bbcea4b176fec299105c66140aafaaea Mon Sep 17 00:00:00 2001
From: xietangxin
Date: Mon, 6 May 2024 11:22:24 +0800
Subject: [PATCH] fix buffer overflow caused by strcpy()
---
 build/install.sh | 6 ++----
 src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c | 2 +-
 src/probes/extends/ebpf.probe/src/lib/tcp.c | 2 +-
 src/probes/system_infos.probe/system_cpu.c | 2 +-
 src/probes/system_infos.probe/system_disk.c | 8 ++++----
 src/probes/system_infos.probe/system_disk.h | 5 +++--
 src/probes/system_infos.probe/system_meminfo.c | 8 ++++----
 7 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/build/install.sh b/build/install.sh
index acde443..152b4fa 100755
--- a/build/install.sh
+++ b/build/install.sh
@@ -172,10 +172,8 @@ function install_shared_lib()
 cp ${SHARED_LIB} ${GOPHER_SHARED_LIB_DIR}
 done
- if ! [[ $EXTEND_PROBES =~ "l7probe" ]] || ! [[ $EXTEND_PROBES =~ "stackprobe" ]] || ! [[ $EXTEND_PROBES =~ "jvm.probe" ]] ; then
- echo "install lib:" ${JVM_ATTACH_BIN}
- cp ${JVM_ATTACH_BIN} ${GOPHER_SHARED_LIB_DIR}
- fi
+ echo "install lib:" ${JVM_ATTACH_BIN}
+ cp ${JVM_ATTACH_BIN} ${GOPHER_SHARED_LIB_DIR}
 }
 function install_extend_probes()
diff --git a/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c b/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
index 272a264..93d02d6 100644
--- a/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
+++ b/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
@@ -237,7 +237,7 @@ static void get_diskname(const char* dev_name, char *disk_name, size_t size)
 char *p;
 char last_disk_name[DISK_NAME_LEN];
- strcpy(cmd, LSBLK_TREE_CMD);
+ snprintf(cmd, sizeof(cmd), "%s", LSBLK_TREE_CMD);
 f = popen_chroot(cmd, "r");
 if (f == NULL) {
 return;
diff --git a/src/probes/extends/ebpf.probe/src/lib/tcp.c b/src/probes/extends/ebpf.probe/src/lib/tcp.c
index 664b9f7..e928e8a 100644
--- a/src/probes/extends/ebpf.probe/src/lib/tcp.c
+++ b/src/probes/extends/ebpf.probe/src/lib/tcp.c
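Review bot: In build/install.sh the copy at the end of install_shared_lib() is now unconditional, and `${JVM_ATTACH_BIN}` and `${GOPHER_SHARED_LIB_DIR}` are expanded unquoted with no check that the source file exists. If some build configuration does not produce that binary, `cp` fails here; whether that aborts the install is not visible in the hunk. Provided the variable holds a single path, `if [ -f "${JVM_ATTACH_BIN}" ]; then cp "${JVM_ATTACH_BIN}" "${GOPHER_SHARED_LIB_DIR}"; fi` would cover both. The change is also unrelated to the strcpy() fix named in the subject, so the commit message should mention it.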
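Review bot: In ioprobe.c, `snprintf(cmd, sizeof(cmd), "%s", LSBLK_TREE_CMD)` discards the return value, so a command that does not fit would be cut short and the shortened string handed to popen_chroot(). The declaration of `cmd` is above the hunk; `sizeof(cmd)` is the buffer size only if `cmd` is an array in this scope, which should be confirmed. Checking the result once is enough here: `if ((size_t)snprintf(cmd, sizeof(cmd), "%s", LSBLK_TREE_CMD) >= sizeof(cmd)) return;`. The same unchecked call shape is used in the tcp.c, system_disk.c and system_meminfo.c hunks of this patch.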
@@ -210,7 +210,7 @@ static struct tcp_estab_comm* __get_estab_comm(const char *start, unsigned int l
 return NULL;
 }
 te_comm->comm[0] = 0;
- (void)strcpy(te_comm->comm, comm);
+ (void)snprintf(te_comm->comm, sizeof(te_comm->comm), "%s", comm);
 te_comm->pid = strtoul(pid_s, NULL, 10);
 te_comm->fd = strtoul(fd_s, NULL, 10);
diff --git a/src/probes/system_infos.probe/system_cpu.c b/src/probes/system_infos.probe/system_cpu.c
index 7c1a25f..ac7ccb5 100644
--- a/src/probes/system_infos.probe/system_cpu.c
+++ b/src/probes/system_infos.probe/system_cpu.c
@@ -85,7 +85,7 @@ static void report_cpu_status(struct ipc_body_s *ipc_body)
 }
 entityId[0] = 0;
- (void)strcpy(entityId, "cpu");
+ (void)snprintf(entityId, sizeof(entityId), "%s", "cpu");
 evt.entityName = ENTITY_NAME;
 evt.entityId = entityId;
diff --git a/src/probes/system_infos.probe/system_disk.c b/src/probes/system_infos.probe/system_disk.c
index 6465697..bd16523 100644
--- a/src/probes/system_infos.probe/system_disk.c
+++ b/src/probes/system_infos.probe/system_disk.c
@@ -162,12 +162,12 @@ static int init_fs_inode_info(void)
 (void)pclose(f);
 return -1;
 }
- strcpy(fsItem->mount_on, stats.mount_on);
+ snprintf(fsItem->mount_on, sizeof(fsItem->mount_on), "%s", stats.mount_on);
 HASH_ADD_STR(g_df_tbl, mount_on, fsItem);
 }
 fsItem->valid = 1;
- strcpy(fsItem->fsname, stats.fsname);
- strcpy(fsItem->fstype, stats.fstype);
+ snprintf(fsItem->fsname, sizeof(fsItem->fsname), "%s", stats.fsname);
+ snprintf(fsItem->fstype, sizeof(fsItem->fstype), "%s", stats.fstype);
 fsItem->inode_sum = stats.inode_sum;
 fsItem->inode_used = stats.inode_used;
 fsItem->inode_free = stats.inode_free;
@@ -258,7 +258,7 @@ static int init_fs_status(void)
 if (!fsItem || !fsItem->valid) {
 continue;
 }
- (void)strcpy(fsItem->mount_status, mountStatus);
+ (void)snprintf(fsItem->mount_status, sizeof(fsItem->mount_status), "%s", mountStatus);
 }
 (void)pclose(f);
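Review bot: In tcp.c, `te_comm->comm[0] = 0;` just above the new call is now redundant, because snprintf() always writes a terminator when the size is non-zero; the line can be dropped. The same leftover precedes the new calls in report_cpu_status() (`entityId[0] = 0;`) and in report_meminfo_status() (`entityId[0] = 0;` and `entityName[0] = 0;`). __get_estab_comm() starts and ends outside the hunk, so how `comm` is parsed and how long it can be is not visible; if a cut-off process name matters to callers, compare the return value with `sizeof(te_comm->comm)` instead of casting it to void.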
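Review bot: In init_fs_inode_info() (system_disk.c) the possibly truncated copy of `stats.mount_on` becomes the hash key in `HASH_ADD_STR(g_df_tbl, mount_on, fsItem)`, so a mount point longer than `sizeof(fsItem->mount_on) - 1` is stored under a shortened key. The lookup that precedes this code is outside the hunk; if it searches with the full `stats.mount_on`, it would never find the stored entry and would add another one on every pass, and two long paths sharing a prefix would end up with the same key. Keeping the return value, `int n = snprintf(fsItem->mount_on, sizeof(fsItem->mount_on), "%s", stats.mount_on);`, and skipping the entry when `n < 0 || (size_t)n >= sizeof(fsItem->mount_on)` (releasing fsItem in whatever way it was allocated above the hunk) avoids both.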
diff --git a/src/probes/system_infos.probe/system_disk.h b/src/probes/system_infos.probe/system_disk.h
index 999b06e..7747d1e 100644
--- a/src/probes/system_infos.probe/system_disk.h
+++ b/src/probes/system_infos.probe/system_disk.h
@@ -24,11 +24,12 @@
 /* the interval of time (@p) is given in second */
 #define S_VALUE(m,n,p) (((double) ((n) - (m))) / (p))
-#define FSTYPE_LEN 64
+#define FSNAME_LEN 128
+#define FSTYPE_LEN 32
 #define MOUNTON_LEN 128
 #define MOUNTSTATUS_LEN 8
 typedef struct {
- char fsname[FSTYPE_LEN];
+ char fsname[FSNAME_LEN];
 char fstype[FSTYPE_LEN];
 char mount_on[MOUNTON_LEN];
 char mount_status[MOUNTSTATUS_LEN];
diff --git a/src/probes/system_infos.probe/system_meminfo.c b/src/probes/system_infos.probe/system_meminfo.c
index 6c1dc91..023ae59 100644
--- a/src/probes/system_infos.probe/system_meminfo.c
+++ b/src/probes/system_infos.probe/system_meminfo.c
@@ -44,7 +44,7 @@ int system_meminfo_init(void)
 "SwapTotal", "SwapFree", "Shmem", "Slab", "SReclaimable", "SUnreclaim", "KernelStack", "PageTables", "VmallocUsed", "HugePages_Total", "Hugepagesize"};
 for (int i = MEM_TOTAL; i < TOTAL_DATA_INDEX; i++) {
- strcpy(meminfo_fields[i].key, key_[i]);
+ snprintf(meminfo_fields[i].key, sizeof(meminfo_fields[i].key), "%s", key_[i]);
 meminfo_fields[i].value = 0;
 }
 return 0;
@@ -109,8 +109,8 @@ static void report_meminfo_status(struct ipc_body_s *ipc_body, double mem_util,
 entityId[0] = 0;
 entityName[0] = 0;
- (void)strcpy(entityId, "/proc/meminfo");
- (void)strcpy(entityName, "mem");
+ (void)snprintf(entityId, sizeof(entityId), "%s", "/proc/meminfo");
+ (void)snprintf(entityName, sizeof(entityName), "%s", "mem");
 evt.entityName = entityName;
 evt.entityId = entityId;
@@ -192,7 +192,7 @@ static int get_meminfo(struct ipc_body_s *ipc_body)
 }
 int cur_index = 0;
 while (!feof(f)) {
- line[0] = 0;
+ line[0] = 0;
 if (fgets(line, LINE_BUF_LEN, f) == NULL) {
 break;
 }
--
2.28.0.windows.1
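Review bot: In system_disk.h, `FSTYPE_LEN` shrinks from 64 to 32, which resizes every other buffer or scan width that uses the macro, not only the struct field shown here. The patch does not show how `stats.fstype` and `stats.fsname` are declared or filled in system_disk.c, so those should be checked against the new `FSTYPE_LEN` and `FSNAME_LEN`. With the snprintf() calls added in system_disk.c a filesystem type longer than 31 characters is now cut rather than overflowing, so the reduction is memory-safe but can shorten reported values. A short comment above the macros, for example `/* buffer sizes, including the terminating NUL */`, would make the contract explicit.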