Fix: forbid session name creation if contains /
authorDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 19:45:08 +0000 (14:45 -0500)
committerDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 20:34:05 +0000 (15:34 -0500)
commit0841762cf475e71336a4f8df1b9a468e3a606dde
tree90175dd9f3f0b4bbe1a19df6388113f88b0b4ca4
parentfca9bc1d05dce4f88721738be5c0aacc67eda8d0
Fix: forbid session name creation if contains /

This adds a validation function for session name which for now denies
any session name containing '/'.

This is in response of bug #721 that actually uses a path as a session
name such as "test/../session1" which would then be concatenated to the
session path adding a relative path to it making this a serious security
issue.

Because of this issue, this is backported from master up to stable-2.3.

Fixes #721

Signed-off-by: David Goulet <dgoulet@efficios.com>
doc/man/lttng.1
include/lttng/lttng-error.h
src/bin/lttng-sessiond/session.c
src/common/error.c
This page took 0.025801 seconds and 4 git commands to generate.