Fix: illegal memory access in relayd_create_session_2_4
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 01:42:56 +0000 (21:42 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 20 May 2016 19:11:40 +0000 (15:11 -0400)
Found by Coverity:
CID 1243024 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)2. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array msg.session_name
of size 255 bytes might leave the destination string unterminated.

CID 1243024 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a
maximum size argument of 64 bytes on destination array msg.hostname of
size 64 bytes might leave the destination string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/common/relayd/relayd.c

index 47db4081ae41bf55e7ca5d7c5fa6ab8194e37f9f..8f4f07a2088f75fbe0774bb240eb1d887806d958 100644 (file)
@@ -130,8 +130,15 @@ static int relayd_create_session_2_4(struct lttcomm_relayd_sock *rsock,
        int ret;
        struct lttcomm_relayd_create_session_2_4 msg;
 
-       strncpy(msg.session_name, session_name, sizeof(msg.session_name));
-       strncpy(msg.hostname, hostname, sizeof(msg.hostname));
+       if (lttng_strncpy(msg.session_name, session_name,
+                       sizeof(msg.session_name))) {
+               ret = -1;
+               goto error;
+       }
+       if (lttng_strncpy(msg.hostname, hostname, sizeof(msg.hostname))) {
+               ret = -1;
+               goto error;
+       }
        msg.live_timer = htobe32(session_live_timer);
        msg.snapshot = htobe32(snapshot);
 
This page took 0.028037 seconds and 4 git commands to generate.