Fix: illegal memory access in _cmd_enable_event
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 01:42:41 +0000 (21:42 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 20 May 2016 20:35:36 +0000 (16:35 -0400)
Found by Coverity:

CID 1321742 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)21. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array attr->name of
size 256 bytes might leave the destination string unterminated.

CID 1321742 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)22. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array attr->name of
size 256 bytes might leave the destination string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-sessiond/cmd.c

index 6779bae671246da67264dba01bfd93fd2b80db07..a45ec1380b002f782e8dfe354e892ad7ccb73376 100644 (file)
@@ -1462,7 +1462,12 @@ int cmd_enable_event(struct ltt_session *session, struct lttng_domain *domain,
                                ret = LTTNG_ERR_FATAL;
                                goto error;
                        }
-                       strncpy(attr->name, channel_name, sizeof(attr->name));
+                       if (lttng_strncpy(attr->name, channel_name,
+                                       sizeof(attr->name))) {
+                               ret = LTTNG_ERR_INVALID;
+                               free(attr);
+                               goto error;
+                       }
 
                        ret = cmd_enable_channel(session, domain, attr, wpipe);
                        if (ret != LTTNG_OK) {
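Review bot: The added `lttng_strncpy` check, here and in the identical hunk near line 1545, rejects an overlong `channel_name` only after `attr` has been allocated, so each failure path has to carry its own `free(attr)` before `goto error` and the same six lines are duplicated. If the name length were validated once before the domain-specific branches, the copy could not fail at these two sites and the manual frees would go away. At minimum, a comment above the call such as `/* Reject a channel name that does not fit with its NUL terminator instead of truncating it. */` would record why the return value is tested. The `error` label and the start of `cmd_enable_event` are outside the hunk, so whether the shared cleanup path already handles `attr` cannot be confirmed from here.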
@@ -1540,7 +1545,12 @@ int cmd_enable_event(struct ltt_session *session, struct lttng_domain *domain,
                                ret = LTTNG_ERR_FATAL;
                                goto error;
                        }
-                       strncpy(attr->name, channel_name, sizeof(attr->name));
+                       if (lttng_strncpy(attr->name, channel_name,
+                                       sizeof(attr->name))) {
+                               ret = LTTNG_ERR_INVALID;
+                               free(attr);
+                               goto error;
+                       }
 
                        ret = cmd_enable_channel(session, domain, attr, wpipe);
                        if (ret != LTTNG_OK) {