relayd: clean-up: mix-up between LTTNG_PATH_MAX and LTTNG_NAME_MAX
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Mon, 23 Sep 2019 18:46:42 +0000 (14:46 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Mon, 23 Sep 2019 18:48:44 +0000 (14:48 -0400)
LTTNG_PATH_MAX and LTTNG_NAME_MAX are mixed up in
cmd_create_session_2_4(). While Coverity warns of a possible buffer
overrun, this is not possible since the length of the received
buffer is correctly checked against LTTNG_NAME_MAX.

Change the use of LTTNG_PATH_MAX for LTTNG_NAME_MAX even though
strcpy() could be used safely here.

1405634 Out-of-bounds access
Access of memory not owned by this buffer may cause crashes or incorrect computations.
In relay_create_session: Out-of-bounds access to a buffer (CWE-119)

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-relayd/cmd-2-4.c

index ac6e0425877970f3da91b05911fa8dc0c644609b..e20a838da932051572ebd2db984bf3b9eddaa408 100644 (file)
@@ -53,7 +53,7 @@ int cmd_create_session_2_4(const struct lttng_buffer_view *payload,
                ERR("Session name too long");
                goto error;
        }
-       strncpy(session_name, session_info.session_name, LTTNG_PATH_MAX);
+       strncpy(session_name, session_info.session_name, LTTNG_NAME_MAX);
 
        len = lttng_strnlen(session_info.hostname, sizeof(session_info.hostname));
        if (len == sizeof(session_info.hostname) || len >= LTTNG_HOST_NAME_MAX) {
This page took 0.026089 seconds and 4 git commands to generate.