Fix: illegal memory access in cmd_snapshot_list_outputs
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 01:42:47 +0000 (21:42 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 17 May 2016 04:29:44 +0000 (00:29 -0400)
Found by Coverity:

CID 1243031 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)22. buffer_size_warning: Calling strncpy with a
maximum size argument of 4096 bytes on destination array (list +
idx).ctrl_url of size 4096 bytes might leave the destination string
unterminated.

CID 1243031 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)26. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array (list +
idx).name of size 255 bytes might leave the destination string
unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-sessiond/cmd.c

index 1327e42e4ddfa8efdd5a550179000a8f77f34150..201cbd183f8796f0bf716546562f31fd6b80b9b9 100644 (file)
@@ -3356,10 +3356,18 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
                assert(output->consumer);
                list[idx].id = output->id;
                list[idx].max_size = output->max_size;
-               strncpy(list[idx].name, output->name, sizeof(list[idx].name));
+               if (lttng_strncpy(list[idx].name, output->name,
+                               sizeof(list[idx].name))) {
+                       ret = -LTTNG_ERR_INVALID;
+                       goto error;
+               }
                if (output->consumer->type == CONSUMER_DST_LOCAL) {
-                       strncpy(list[idx].ctrl_url, output->consumer->dst.trace_path,
-                                       sizeof(list[idx].ctrl_url));
+                       if (lttng_strncpy(list[idx].ctrl_url,
+                                       output->consumer->dst.trace_path,
+                                       sizeof(list[idx].ctrl_url))) {
+                               ret = -LTTNG_ERR_INVALID;
+                               goto error;
+                       }
                } else {
                        /* Control URI. */
                        ret = uri_to_str_url(&output->consumer->dst.net.control,
This page took 0.028164 seconds and 4 git commands to generate.