Fix: sessiond: user/group name can be leaked on malformed command
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 27 Mar 2020 15:01:05 +0000 (11:01 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 27 Mar 2020 16:51:29 +0000 (12:51 -0400)
commitd74a5c35a5e21ad8ca220e8ab47c4ffe7b5b7916
treed9240cfbfc5223912c074d64be0bd16d7d189697
parent8b79ef3149185f0c6e3e755e3ac69499020f4cc8
Fix: sessiond: user/group name can be leaked on malformed command

process_attr_value_from_comm() can leak a copy of the user/group
name when the value type is erroneous. This is not reachable in
"normal" execution, but could be triggered by invalid "crafter"
lttng-ctl commands.

In process_attr_value_from_comm: Leak of memory or pointers to
system resources (CWE-404).

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I7ef55c0743c954a93e3d27ce17e6478708b49437
src/common/tracker.c
This page took 0.025402 seconds and 4 git commands to generate.