Security vulnerabilities and automated fixes for ebpf issues
2 posts found
A high-severity buffer over-read vulnerability was discovered in `bpf/sslsniff.c` at line 515, where `memmove()` was called with a size derived from an unbounded `strlen()` on a pointer computed by searching within a fixed-size path buffer. An attacker able to influence `/proc` filesystem entries or `ldconfig` output could have triggered out-of-bounds memory reads or writes. The fix replaces the unsafe `strlen()` call with a bounds-aware `strnlen()` that constrains the operation to the remaining
A critical vulnerability in an eBPF helper function allowed potential out-of-bounds memory reads and writes in kernel context due to unvalidated buffer size assumptions in chunked memory comparisons. The fix introduces a compile-time static assertion that enforces alignment invariants, ensuring that any future change to buffer size constants will produce a build error rather than silently introducing kernel memory corruption. Because eBPF programs execute with kernel privileges, this class of bu