From 28abaece2af732cf2b2b2f8b12aeb02439e76d4c Mon Sep 17 00:00:00 2001
From: Michal Rostecki
Date: Thu, 21 Jul 2022 11:57:42 +0200
Subject: [PATCH] Fix the log buffer bounds

Change 821ba0b243fd removed the `size > buf.len()` check, which was a mistake, because we might write to a subslice of the whole buffer, so then `buf` can be lower than `LOG_BUF_CAPACITY`. This change compares `size` with `min::(buf.len(), LOG_BUF_CAPACITY)` instead.

Fixes: 821ba0b243fd ("Ensure log buffer bounds")
Signed-off-by: Michal Rostecki
---
 aya-log/aya-log-common/src/lib.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/aya-log/aya-log-common/src/lib.rs b/aya-log/aya-log-common/src/lib.rs
index c1a5b666..0aa63846 100644
--- a/aya-log/aya-log-common/src/lib.rs
+++ b/aya-log/aya-log-common/src/lib.rs
@@ -90,9 +90,9 @@ where
 pub(crate) fn write(&self, mut buf: &mut [u8]) -> Result {
 let size = mem::size_of::() + mem::size_of::() + self.value.len();
- // The verifier rejects the program if it can't see that `size` doesn't
- // exceed the buffer size.
- if size > LOG_BUF_CAPACITY {
+ let remaining = cmp::min(buf.len(), LOG_BUF_CAPACITY);
+ // Check if the size doesn't exceed the buffer bounds.
+ if size > remaining {
 return Err(());
 }
@@ -103,8 +103,8 @@ where
 buf = &mut buf[mem::size_of::()..];
 let len = cmp::min(buf.len(), self.value.len());
- // The verifier rejects the program if it can't see that `size` doesn't
- // exceed the buffer size.
+ // The verifier isn't happy with `len` being unbounded, so compare it
+ // with `LOG_BUF_CAPACITY`.
 if len > LOG_BUF_CAPACITY {
 return Err(());
 }
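Review bot: The new comment on `if size > remaining` no longer explains why both halves of the `min` are needed, and that missing explanation is how the `buf.len()` half came to be dropped in 821ba0b243fd. I would spell it out, e.g. `// `buf` may be a subslice shorter than LOG_BUF_CAPACITY, so bound by its real length; the constant stays in the `min` so the eBPF verifier still sees a fixed upper limit.` The verifier part is taken from the removed comment, so confirm it still holds. The patch also adds no regression test; a unit test that calls `write` with a slice shorter than the encoded size and expects `Err(())` would pin this fix. The body of `write` continues past the end of this hunk.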
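Review bot: The rewritten comment above `if len > LOG_BUF_CAPACITY` should say that this comparison is not the runtime bounds check. After the `size > remaining` guard in the first hunk, `buf` should already be long enough for `self.value`, so `len` presumably always equals `self.value.len()` here and the branch exists only for the verifier. That depends on the slicing between the two hunks, which is only partly visible. Suggested extra line: `// Not the real bounds check: `size > remaining` above already guarantees the value fits in `buf`.` This makes it harder for a later cleanup to remove the first guard again on the assumption that this one covers it.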