From 975ee8eb2b786643e6123e60909220a0ca5b5b55 Mon Sep 17 00:00:00 2001
From: Stefano Brivio
Date: Tue, 5 Apr 2022 05:21:18 +0200
Subject: passt: Ignoring number of bytes read, CWE-252
Harmless, assuming sane kernel behaviour. Reported by Coverity.
Signed-off-by: Stefano Brivio
---
 passt.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'passt.c')
diff --git a/passt.c b/passt.c
index c469fe8..06c3d73 100644
--- a/passt.c
+++ b/passt.c
@@ -195,6 +195,7 @@ static void seccomp(const struct ctx *c)
 */
 static void check_root(void)
 {
+ const char root_uid_map[] = " 0 0 4294967295";
 struct passwd *pw;
 char buf[BUFSIZ];
 int fd;
@@ -205,8 +206,8 @@ static void check_root(void)
 if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0)
 return;
- if (read(fd, buf, BUFSIZ) > 0 &&
- strcmp(buf, " 0 0 4294967295")) {
+ if (read(fd, buf, BUFSIZ) != sizeof(root_uid_map) ||
+ strncmp(buf, root_uid_map, sizeof(root_uid_map) - 1)) {
 close(fd);
 return;
 }
--
cgit v1.2.3
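Review bot: In the second hunk a failed or short `read()` now takes the early `return`, whereas the old condition (`read(...) > 0 && ...`) let those cases fall through to the rest of check_root, which lies outside the hunk. If what follows is the handling for a real root user, an I/O error on `/proc/self/uid_map` now skips it. Keeping the result and returning only on a successful read that differs would preserve the old direction: `ssize_t n = read(fd, buf, BUFSIZ);` followed by `if (n > 0 && (n != (ssize_t)sizeof(root_uid_map) || strncmp(buf, root_uid_map, sizeof(root_uid_map) - 1))) {`. The length test also appears to rely on the file's trailing newline standing in for the literal's NUL in `sizeof(root_uid_map)`, and it compares the signed return of `read()` with a `size_t`. A comment such as `/* sizeof counts the NUL, which matches the trailing newline in uid_map */` would make that explicit.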