From 1e860b9b5cb5cd9b41f1265ba5ab507854a01757 Mon Sep 17 00:00:00 2001
From: Nikola Grcevski
Date: Wed, 11 Dec 2024 16:14:51 -0500
Subject: [PATCH] Fix uninitialized vars and sys call crash
---
 next/src/xcapture.bpf.c | 2 +-
 next/src/xcapture.c | 17 ++++++++++++-----
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/next/src/xcapture.bpf.c b/next/src/xcapture.bpf.c
index c3f963a..b12b846 100644
--- a/next/src/xcapture.bpf.c
+++ b/next/src/xcapture.bpf.c
@@ -63,7 +63,7 @@ int get_tasks(struct bpf_iter__task *ctx)
 t->pid = task->pid;
 t->tgid = task->tgid;
- t->flags = task->flags;
+ t->flags = task->flags;
 t->state = get_task_state(task);
 bpf_probe_read_kernel_str(t->comm, TASK_COMM_LEN, task->comm);
 t->euid = BPF_CORE_READ(task, cred, euid.val);
diff --git a/next/src/xcapture.c b/next/src/xcapture.c
index b043950..963a409 100644
--- a/next/src/xcapture.c
+++ b/next/src/xcapture.c
@@ -38,14 +38,21 @@ static const char *get_task_state(__u32 state)
 }
 }
+static const char *safe_syscall_name(__u32 syscall_nr) {
+ if (syscall_nr > NR_SYSCALLS) {
+ return "";
+ }
+
+ return sysent0[syscall_nr].name;
+}
 int main(int argc, char **argv)
 {
- struct xcapture_bpf *skel;
+ struct xcapture_bpf *skel = 0;
 struct task_info buf;
- int iter_fd;
- ssize_t ret;
- int err;
+ int iter_fd = 0;
+ ssize_t ret = 0;
+ int err = 0;
 /* Open, load, and verify BPF application */
@@ -93,7 +100,7 @@ int main(int argc, char **argv)
 printf("%-23s %7d %7d %-15s %-16s %-16s %-16s %-25s %-16llx %s\n", timestamp, buf.pid, buf.tgid, get_task_state(buf.state), getusername(buf.euid), buf.comm, buf.exe_file,
- sysent0[buf.syscall_nr].name, buf.syscall_args[0], buf.filename[0] ? buf.filename : ""
+ safe_syscall_name(buf.syscall_nr), buf.syscall_args[0], buf.filename[0] ? buf.filename : ""
 ); // }
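Review bot: The bound check in `safe_syscall_name` looks off by one: `if (syscall_nr > NR_SYSCALLS)` still lets `syscall_nr == NR_SYSCALLS` reach `sysent0[syscall_nr].name`. NR_SYSCALLS and `sysent0` are defined outside this patch, but if NR_SYSCALLS is the number of table entries, that index is one past the end, so the out-of-bounds read this commit is fixing remains reachable for one value; `if (syscall_nr >= NR_SYSCALLS) {` would close it. If the table can have entries whose `name` is NULL, the helper should return `""` for those too, because the result is passed straight to a `%s` in the printf of the last hunk. As a style point, `skel` is a pointer, so `= NULL` states the intent better than `= 0`.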