projects / lttng-tools.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1148bd3) | patch
Fix: forbid session name creation if contains /
authorDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 19:45:08 +0000 (14:45 -0500)
committerDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 20:34:16 +0000 (15:34 -0500)
commitbeb7c14849e4c7973ff94e61787989173e84ca4e
tree40a3eed2cae3f6c7611fd185f6e8fe3509235dabtree | snapshot
parent1148bd3a82f9819f3e59b9ce2b3adc139de9db45commit | diff
Fix: forbid session name creation if contains /

This adds a validation function for session name which for now denies
any session name containing '/'.

This is in response of bug #721 that actually uses a path as a session
name such as "test/../session1" which would then be concatenated to the
session path adding a relative path to it making this a serious security
issue.

Because of this issue, this is backported from master up to stable-2.3.

Fixes #721

Signed-off-by: David Goulet <dgoulet@efficios.com>
doc/man/lttng.1 diff | blob | blame | history
include/lttng/lttng-error.h diff | blob | blame | history
src/bin/lttng-sessiond/session.c diff | blob | blame | history
src/common/error.c diff | blob | blame | history
LTTng 2.0 tools and control repository
This page took 0.025867 seconds and 4 git commands to generate.