Commit a716d6c
committed
bpf: Reject %p% format string in bprintf-like helpers
JIRA: https://issues.redhat.com/browse/RHEL-110274
commit f824274
Author: Paul Chaignon <paul.chaignon@gmail.com>
Date: Tue Jul 1 21:47:30 2025 +0200
bpf: Reject %p% format string in bprintf-like helpers
static const char fmt[] = "%p%";
bpf_trace_printk(fmt, sizeof(fmt));
The above BPF program isn't rejected and causes a kernel warning at
runtime:
Please remove unsupported %\x00 in format string
WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0
This happens because bpf_bprintf_prepare skips over the second %,
detected as punctuation, while processing %p. This patch fixes it by
not skipping over punctuation. %\x00 is then processed in the next
iteration and rejected.
Reported-by: syzbot+e2c932aec5c8a6e1d31c@syzkaller.appspotmail.com
Fixes: 48cac3f ("bpf: Implement formatted output helpers with bstr_printf")
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Link: https://lore.kernel.org/r/a0e06cc479faec9e802ae51ba5d66420523251ee.1751395489.git.paul.chaignon@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Viktor Malik <vmalik@redhat.com>1 parent 8d518ca commit a716d6c
1 file changed
+8
-3
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
882 | 882 | | |
883 | 883 | | |
884 | 884 | | |
| 885 | + | |
| 886 | + | |
| 887 | + | |
| 888 | + | |
| 889 | + | |
| 890 | + | |
| 891 | + | |
885 | 892 | | |
886 | 893 | | |
887 | 894 | | |
888 | 895 | | |
889 | 896 | | |
890 | 897 | | |
891 | 898 | | |
892 | | - | |
893 | | - | |
| 899 | + | |
894 | 900 | | |
895 | 901 | | |
896 | | - | |
897 | 902 | | |
898 | 903 | | |
899 | 904 | | |
| |||
0 commit comments