From adab5d396d83ef7c8f4923e0d3760b74d9e4eb9f Mon Sep 17 00:00:00 2001
From: Vchanger
Date: Fri, 27 Dec 2024 15:24:37 +0800
Subject: [PATCH] fix buffer overflow and ret value of sscanf
---
 src/common/util.c | 2 +-
 src/probes/extends/ebpf.probe/src/lib/pystack/py_stack.c | 2 +-
 src/probes/system_infos.probe/system_cpu.c | 4 ++--
 src/probes/system_infos.probe/system_procs.c | 6 ++++--
 src/probes/virtualized_infos.probe/virt_proc.c | 6 +++++-
 5 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/common/util.c b/src/common/util.c
index c8bdff6b..69d08f83 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -479,7 +479,7 @@ int get_so_path(int pid, char *elf_path, int size, const char *so_keyword)
 while (fgets(buf, sizeof(buf), fp)) {
 so_path[0] = 0;
- if (sscanf(buf, "%*x-%*x %*s %*s %*s %*s %s", so_path) != 1) {
+ if (sscanf(buf, "%*x-%*x %*s %*s %*s %*s %255s", so_path) != 1) {
 continue;
 }
 if (so_path[0] != '/') {
diff --git a/src/probes/extends/ebpf.probe/src/lib/pystack/py_stack.c b/src/probes/extends/ebpf.probe/src/lib/pystack/py_stack.c
index bfa55fd5..cf05b545 100644
--- a/src/probes/extends/ebpf.probe/src/lib/pystack/py_stack.c
+++ b/src/probes/extends/ebpf.probe/src/lib/pystack/py_stack.c
@@ -187,7 +187,7 @@ int try_init_py_proc_data(int pid, struct py_proc_data *data)
 }
 while (fgets(buf, sizeof(buf), fp) != NULL) {
- if (sscanf(buf, "%llx-%llx %4s %llx %*s %*u %s",
+ if (sscanf(buf, "%llx-%llx %4s %llx %*s %*u %255s",
 &mod_info.start, &mod_info.end, perm, &mod_info.f_offset, so_path) != 5) {
 continue;
 }
diff --git a/src/probes/system_infos.probe/system_cpu.c b/src/probes/system_infos.probe/system_cpu.c
index 19d1316c..5a2c6900 100644
--- a/src/probes/system_infos.probe/system_cpu.c
+++ b/src/probes/system_infos.probe/system_cpu.c
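Review bot: The width in `%255s` in `get_so_path` is a bare literal that has to stay equal to `sizeof(so_path) - 1`, and `so_path` is declared outside this hunk, so nothing on the changed line keeps the two in step if the buffer is ever resized. The same literal is used in the `try_init_py_proc_data` hunk in py_stack.c, while system_procs.c and virt_proc.c in this patch derive the width from `sizeof`. I would add `/* width must equal sizeof(so_path) - 1 */` above both calls, or build the format the way the other two files do. A path longer than the width is now silently truncated rather than rejected; whether that matters depends on code after the hunk.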
@@ -29,7 +29,7 @@
 #define SYSTEM_PROC_STAT_PATH "/proc/stat"
 #define SYSTEM_CPU_MHZ_INFO "cat /proc/cpuinfo | grep MHz"
 #define SOFTNET_STAT_PATH "/proc/net/softnet_stat"
-#define PROC_STAT_FILEDS_NUM 6
+#define PROC_STAT_FILEDS_NUM 8
 #define PROC_STAT_COL_NUM 8
 #define PROC_STAT_IDLE_COL 4
 #define PROC_STAT_IOWAIT_COL 5
@@ -160,7 +160,7 @@ static int get_proc_stat_info(void)
 &cur_cpus[index]->cpu_softirq_total_second,
 &cur_cpus[index]->cpu_steal_total_second);
 if (ret < PROC_STAT_FILEDS_NUM) {
- DEBUG("system_cpu.probe failed get proc_stat metrics.\n");
+ ERROR("system_cpu.probe failed to get proc_stat metrics.\n");
 }
 index++;
 }
diff --git a/src/probes/system_infos.probe/system_procs.c b/src/probes/system_infos.probe/system_procs.c
index b3f46093..dd1411b8 100644
--- a/src/probes/system_infos.probe/system_procs.c
+++ b/src/probes/system_infos.probe/system_procs.c
@@ -367,6 +367,7 @@ static int get_proc_mss(u32 pid, proc_info_t *proc_info)
 u32 value = 0;
 char line[LINE_BUF_LEN];
 char key[LINE_BUF_LEN];
+ char format[SSCANF_FORMAT_LEN];
 char smap_key_list[PROC_MSS_MAX][LINE_BUF_LEN] = {"Shared_Clean:", "Shared_Dirty:", "Private_Clean:", "Private_Dirty:", "Referenced:", "LazyFree:", "Swap:", "SwapPss:"};
 int smap_index = 0;
@@ -376,6 +377,7 @@ static int get_proc_mss(u32 pid, proc_info_t *proc_info)
 return -1;
 }
+ (void)snprintf(format, sizeof(format), "%%%lus %%u %%*s", sizeof(key) - 1);
 while (!feof(f)) {
 line[0] = 0;
 key[0] = 0;
@@ -387,8 +389,8 @@ static int get_proc_mss(u32 pid, proc_info_t *proc_info)
 continue;
 }
 value = 0;
- int ret = sscanf(line, "%s %u %*s", key, &value);
- if (ret < 1) {
+ int ret = sscanf(line, format, key, &value);
+ if (ret < 2) {
 goto out;
 }
 if (strcmp(smap_key_list[smap_index], key) != 0) {
diff --git a/src/probes/virtualized_infos.probe/virt_proc.c b/src/probes/virtualized_infos.probe/virt_proc.c
index 7a6848bc..d5b39779 100644
--- a/src/probes/virtualized_infos.probe/virt_proc.c
+++ b/src/probes/virtualized_infos.probe/virt_proc.c
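Review bot: When `ret < PROC_STAT_FILEDS_NUM` in `get_proc_stat_info`, the new code only logs and then falls through to `index++`, so an entry that sscanf filled only partly is kept, and sscanf leaves the unassigned fields at whatever they held before. With the threshold raised from 6 to 8 in the first hunk of this file, more lines can take this path than before. Consider dropping the sample after the log, for example `return -1;` if callers treat that as no data for this round; the loop and the start of the sscanf call are outside the hunk, so the right exit needs checking there. The ERROR call appears to sit inside the per-line loop, so one malformed file may log once per line read.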
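Review bot: In the snprintf added to `get_proc_mss`, `%lu` is paired with `sizeof(key) - 1`, which has type `size_t`; the matching conversion is `%zu`, and where `size_t` is not `unsigned long` the mismatch is undefined behaviour. The result is also discarded, so if `SSCANF_FORMAT_LEN` (defined outside this patch) were too small, a truncated format would be handed to sscanf. Suggested: `int n = snprintf(format, sizeof(format), "%%%zus %%u %%*s", sizeof(key) - 1);` followed by `if (n < 0 || (size_t)n >= sizeof(format))` leading to the function's existing failure path. The same two points apply to the snprintf added in `virt_proc_probe` in virt_proc.c. Because the format is now a runtime string, compiler format checking no longer covers these sscanf calls, which deserves a one-line comment next to the buffer.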
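Review bot: Raising the check to `ret < 2` in `get_proc_mss` means any line whose second field is not a number now leaves the loop through `goto out` instead of being compared against `smap_key_list`. Whether such lines can reach this point depends on the filter ending in `continue;` just above, which starts outside the hunk; if they can, one unexpected line ends parsing for the whole process. If the intent is only to ignore malformed lines, `continue;` in place of `goto out;` would keep the remaining keys. A short comment above the check, such as `/* key and value are both required; a line without a numeric value aborts the scan */`, would make the intended behaviour explicit.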
@@ -160,6 +160,7 @@ int virt_proc_probe(void)
 FILE *f = NULL;
 char cmd[COMMAND_LEN];
 char line[LINE_BUF_LEN];
+ char format[SSCANF_FORMAT_LEN];
 struct proc_infos one_proc;
 if (g_host_type_is_pm == 0) {
@@ -177,6 +178,9 @@ int virt_proc_probe(void)
 if (f == NULL) {
 return -1;
 }
+
+ (void)snprintf(format, sizeof(format), "%%%lus %%%lus",
+ sizeof(one_proc.uuid) - 1, sizeof(one_proc.vm_name) - 1);
 while (!feof(f)) {
 (void)memset(line, 0, LINE_BUF_LEN);
 if (fgets(line, LINE_BUF_LEN, f) == NULL) {
@@ -184,7 +188,7 @@ int virt_proc_probe(void)
 return -1;
 }
 (void)memset(&one_proc, 0, sizeof(struct proc_infos));
- if (sscanf(line, "%s %s", one_proc.uuid, one_proc.vm_name) < 2) {
+ if (sscanf(line, format, one_proc.uuid, one_proc.vm_name) < 2) {
 break;
 }
 (void)get_qemu_proc_tgid(&one_proc);
--
Gitee