On March 24, 2026 2:21:58 AM PDT, Jiri Olsa <[email protected]> wrote:
>On Mon, Mar 23, 2026 at 10:30:37PM -0700, Kees Cook wrote:
>> Replace the deprecated[1] strncpy() with strnlen() on the source
>> followed by memcpy(). Normally strscpy() would be used in this case,
>> but skel_internal.h is shared between kernel and userspace tools, and
>> strscpy() is not available in the userspace build context.
>>
>> The source map_name is a NUL-terminated C string (the only caller
>> passes a 12 character string literal). The destination attr.map_name is
>> char[BPF_OBJ_NAME_LEN] (16 bytes) in union bpf_attr, passed to the bpf()
>> syscall. The kernel's bpf_obj_name_cpy() requires a NUL terminator within
>> the 16-byte field, rejecting names that use all 16 bytes. Valid names
>> are therefore at most 15 characters.
>>
>> The attr is pre-zeroed with memset() at the top of the function,
>> so the byte at position 15 is always NUL. The copy is bounded to
>> sizeof(attr.map_name) - 1 (15 bytes) to guarantee NUL-termination is
>
>hm, but this version no longer does that, right?
Arg. Yes, correct. I'll fix the commit log for v3. And yes, the bpf test suite
reported that v2 shows no test failures any more.
(Why does this need an unterminated string internally here when the syscall
refuses to build one?)
--
Kees Cook
