Fix: sessiond: missing goto in error handler

The trace_ust inclusion set add/remove methods do not jump to the
end label after checking the `tracker` variable. This can result
in a NULL pointer dereference when an invalid process attribute
is specified.

The same problem appears in save_process_attr_trackers() and
process_attr_value_from_comm().

The missing jump (goto) is added in all cases.

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I473e008e5330a4c3820c8ab7c57ce4f2961e79b2

diff --git a/src/bin/lttng-sessiond/save.c b/src/bin/lttng-sessiond/save.c
index c3ae627915e3e8994ceb32333ab5a16f56a12212..822662ef598330581cb333b4798e3236c51928dc 100644 (file)
--- a/src/bin/lttng-sessiond/save.c
+++ b/src/bin/lttng-sessiond/save.c
@@ -2079,6 +2079,7 @@ static int save_process_attr_trackers(struct config_writer *writer,
                break;
        default:
                ret = LTTNG_ERR_INVALID;
+               goto end;
        }
        ret = LTTNG_OK;
 end:

diff --git a/src/bin/lttng-sessiond/trace-ust.c b/src/bin/lttng-sessiond/trace-ust.c
index 4432fca2340d2db3116eef9c60020f8de88c252d..80dd8dc54839bd51a5e643cf1a9f828a4a08c546 100644 (file)
--- a/src/bin/lttng-sessiond/trace-ust.c
+++ b/src/bin/lttng-sessiond/trace-ust.c
@@ -1033,6 +1033,7 @@ enum lttng_error_code trace_ust_process_attr_tracker_inclusion_set_add_value(
        tracker = _trace_ust_get_process_attr_tracker(session, process_attr);
        if (!tracker) {
                ret_code = LTTNG_ERR_INVALID;
+               goto end;
        }
 
        status = process_attr_tracker_inclusion_set_add_value(tracker, value);
@@ -1141,6 +1142,7 @@ enum lttng_error_code trace_ust_process_attr_tracker_inclusion_set_remove_value(
        tracker = _trace_ust_get_process_attr_tracker(session, process_attr);
        if (!tracker) {
                ret_code = LTTNG_ERR_INVALID;
+               goto end;
        }
 
        status = process_attr_tracker_inclusion_set_remove_value(

diff --git a/src/common/tracker.c b/src/common/tracker.c
index c27d9765562e590241e2ae9ba5ece15e8bbdc1a0..0f69c775b75f6d1c08e213fa547bcbbf5feb7daa 100644 (file)
--- a/src/common/tracker.c
+++ b/src/common/tracker.c
@@ -85,6 +85,7 @@ enum lttng_error_code process_attr_value_from_comm(
                name = strdup(value_view->data);
                if (!name) {
                        ret = LTTNG_ERR_NOMEM;
+                       goto error;
                }
        }