String matching: Fix long strings prefix matching
Prefix matching is done by looking up the provided string in the LPM
TRIE string prefix map (for strings and file paths). Currently, we don't
look up strings that are longer than the prefix map can hold. This is a
bug, because we could still look up the beginning substring (to the max
the map allows) and if it matches, then the full string would also match
(if the map size permitted it).

This commit detects strings that are longer than the map allows and
instead of not matching, it looks up the longest beginning substring
that the map allows instead. This will allow prefix matching to be used
on all strings and not just the ones short enough to fit into the prefix
map.

Signed-off-by: Kevin Sheldrake <[email protected]>
kevsecurity committed Nov 27, 2023
1 parent da5ffb4 commit e414394
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions bpf/process/types/basic.h
Expand Up @@ -775,11 +775,13 @@ filter_char_buf_prefix(struct selector_arg_filter *filter, char *arg_str, uint a
int zero = 0;

addrmap = map_lookup_elem(&string_prefix_maps, &map_idx);
if (!addrmap)
if (!addrmap || !arg_len)
return 0;

if (arg_len > STRING_PREFIX_MAX_LENGTH || !arg_len)
return 0;
// If the string to check is longer than the prefix map allows, then only check the longest
// substring that the map allows.
if (arg_len >= STRING_PREFIX_MAX_LENGTH)
arg_len = STRING_PREFIX_MAX_LENGTH - 1;

arg = (struct string_prefix_lpm_trie *)map_lookup_elem(&string_prefix_maps_heap, &zero);
if (!arg)
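
Review bot: The boundary changes from `arg_len > STRING_PREFIX_MAX_LENGTH` to `arg_len >= STRING_PREFIX_MAX_LENGTH`, and the clamp goes to `STRING_PREFIX_MAX_LENGTH - 1`, but neither the code comment nor the commit message explains the `- 1`. A string of exactly STRING_PREFIX_MAX_LENGTH bytes used to be looked up in full and now has its last byte dropped from the lookup, which is a behaviour change for that one length. Please state in the comment how many bytes the trie key can actually hold, so it is clear whether the old `>` check was an off-by-one or the new clamp is one byte more conservative than necessary. The comment also says "longer than the prefix map allows" while the condition includes the equal case, so the wording should match. Truncating the lookup key is only correct if no prefix longer than `STRING_PREFIX_MAX_LENGTH - 1` can be stored in `string_prefix_maps`; if the loader side enforces that limit, it is worth referencing here, since a longer stored prefix could never match after this change. A test covering argument lengths of MAX - 1, MAX and MAX + 1 would pin the boundary down.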