tracee
tracee copied to clipboard
aquasecurity
[BUG] Panic in kernel version parsing
Prerequisites
- [x] This affects latest released version.
- [x] This affects current development tree (origin/HEAD).
- [x] There isn't an issue describing the bug.
Select one OR another:
- [x] I'm going to create a PR to solve this (assign to yourself).
- [ ] Someone else should solve this.
Bug description
When executing tracee on a machine with kernel version "5.8.*", the following error is received:
This is a result of a bug in libbpfgo which doesn't check the argument parsed:
func CompareKernelRelease(base, given string) int {
b := strings.Split(base, "-") // [base]-xxx
b = strings.Split(b[0], ".") // [major][minor][patch]
g := strings.Split(given, "-")
g = strings.Split(g[0], ".")
for n := 0; n <= 2; n++ {
i, _ := strconv.Atoi(g[n])
j, _ := strconv.Atoi(b[n])
Steps to reproduce
Context
Relevant information about my setup:
- Linux kernel version: 5.8.0-48
Yes, it was fixed by:
commit 0e13a1d (tag: v0.4.0-libbpf-1.0.0)
Author: grantseltzer <[email protected]>
Date: Wed Aug 31 12:53:41 2022
Add possible error and autofixes to helper functions for comparing kernel functions
Signed-off-by: grantseltzer <[email protected]>
But should we close this? I mean, we still use the older libbpfgo version in tracee, don't we?
Related to comment: https://github.com/aquasecurity/tracee/pull/2119#pullrequestreview-1088495638. You are correct. There are 2 bugs, one is the libbpfgo bug and the other is tracee bug (which is this one). I'll re-open until that libbpfgo is bumped to.
Alright, we can close this (again) now (fix already merged in libbpfgo and tracee was bumpbed, again).