Received-SPF: pass (google.com: domain of linux-kernel+bounces-60280-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Precedence: bulk
MIME-Version: 1.0
References: <20240201001504.1348511-1-irogers@google.com> <20240201001504.1348511-6-irogers@google.com>
In-Reply-To: <20240201001504.1348511-6-irogers@google.com>
From: Namhyung Kim <namhyung@kernel.org>
Date: Fri, 9 Feb 2024 20:40:54 -0800
Message-ID: <CAM9d7cjka_O5OmCxkrp-K6g45VnxEJNd73jjv6kQanutf+6sbg@mail.gmail.com>
Subject: Re: [PATCH v2 6/9] perf tests: Use scandirat for shell script finding
To: Ian Rogers <irogers@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>, Ingo Molnar <mingo@redhat.com>, 
	Arnaldo Carvalho de Melo <acme@kernel.org>, Mark Rutland <mark.rutland@arm.com>, 
	Alexander Shishkin <alexander.shishkin@linux.intel.com>, Jiri Olsa <jolsa@kernel.org>, 
	Adrian Hunter <adrian.hunter@intel.com>, Nathan Chancellor <nathan@kernel.org>, 
	Nick Desaulniers <ndesaulniers@google.com>, Tom Rix <trix@redhat.com>, 
	Ravi Bangoria <ravi.bangoria@amd.com>, James Clark <james.clark@arm.com>, 
	Kan Liang <kan.liang@linux.intel.com>, John Garry <john.g.garry@oracle.com>, 
	linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, 
	llvm@lists.linux.dev
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Jan 31, 2024 at 4:15=E2=80=AFPM Ian Rogers <irogers@google.com> wro=
te:
>
> Avoid filename appending buffers by using openat, faccessat and
> scandirat more widely. Turn the script's path back to a file name
> using readlink from /proc/<pid>/fd/<fd>.
>
> Read the script's description using api/io.h to avoid fdopen
> conversions. Whilst reading perform additional sanity checks on the
> script's contents.
>
> Signed-off-by: Ian Rogers <irogers@google.com>
> ---
[SNIP]
> -static const char *shell_test__description(char *description, size_t siz=
e,
> -                                           const char *path, const char =
*name)
> +static char *shell_test__description(int dir_fd, const char *name)
>  {
> -       FILE *fp;
> -       char filename[PATH_MAX];
> -       int ch;
> +       struct io io;
> +       char buf[128], desc[256];
> +       int ch, pos =3D 0;
>
> -       path__join(filename, sizeof(filename), path, name);
> -       fp =3D fopen(filename, "r");
> -       if (!fp)
> +       io__init(&io, openat(dir_fd, name, O_RDONLY), buf, sizeof(buf));
> +       if (io.fd < 0)
>                 return NULL;
>
>         /* Skip first line - should be #!/bin/sh Shebang */
> +       if (io__get_char(&io) !=3D '#')
> +               goto err_out;
> +       if (io__get_char(&io) !=3D '!')
> +               goto err_out;
>         do {
> -               ch =3D fgetc(fp);
> -       } while (ch !=3D EOF && ch !=3D '\n');
> -
> -       description =3D fgets(description, size, fp);
> -       fclose(fp);
> +               ch =3D io__get_char(&io);
> +               if (ch < 0)
> +                       goto err_out;
> +       } while (ch !=3D '\n');
>
> -       /* Assume first char on line is omment everything after that desc=
 */
> -       return description ? strim(description + 1) : NULL;
> +       do {
> +               ch =3D io__get_char(&io);
> +               if (ch < 0)
> +                       goto err_out;
> +       } while (ch =3D=3D '#' || isspace(ch));
> +       while (ch > 0 && ch !=3D '\n') {
> +               desc[pos++] =3D ch;
> +               if (pos >=3D (int)sizeof(desc) - 1)

Maybe (pos =3D=3D sizeof(desc) - 2) ?  I'm not sure what happens if it has =
a
description longer than the buffer size.

> +                       break;
> +               ch =3D io__get_char(&io);
> +       }
> +       while (pos > 0 && isspace(desc[--pos]))
> +               ;
> +       desc[++pos] =3D '\0';

Wouldn't it overflow the buffer?

Thanks,
Namhyung


> +       close(io.fd);
> +       return strdup(desc);
> +err_out:
> +       close(io.fd);
> +       return NULL;
>  }