Fix: lttng-ctl: unvalidated session destruction handle API arguments

The liblttng-ctl API is not performance sensitive and normally adopts
a defensive stance with regards to supplied arguments. The session
destruction handle API introduced in 2.11 does not check user-supplied
arguments for NULLs which does not fit with existing liblttng-ctl API
conventions.

Add NULL checks for all arguments which cannot be legitimately left
NULL and return a suitable "invalid parameters" return code.

Moreover, note that lttng_destroy_session_ext() is now used by
lttng_destroy_session(), which previously checked for a NULL session
name. Not checking for this case in the new 'ext' version introduced a
change in behaviour.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/src/lib/lttng-ctl/destruction-handle.c b/src/lib/lttng-ctl/destruction-handle.c
index f0ff0d4e170e0e4bf2178b0075e91047b3170a4e..d2559646f8c18201f0a16e70cfffd9f81fe6aa2c 100644 (file)
--- a/src/lib/lttng-ctl/destruction-handle.c
+++ b/src/lib/lttng-ctl/destruction-handle.c
@@ -243,6 +243,11 @@ lttng_destruction_handle_wait_for_completion(
        const bool has_timeout = timeout_ms > 0;
         struct timespec initial_time;
 
+       if (!handle) {
+               status = LTTNG_DESTRUCTION_HANDLE_STATUS_INVALID;
+               goto end;
+       }
+
         if (handle->communication.state == COMMUNICATION_STATE_ERROR) {
                status = LTTNG_DESTRUCTION_HANDLE_STATUS_ERROR;
                goto end;
@@ -329,6 +334,11 @@ lttng_destruction_handle_get_rotation_state(
        enum lttng_destruction_handle_status status =
                        LTTNG_DESTRUCTION_HANDLE_STATUS_OK;
 
+       if (!handle || !rotation_state) {
+               status = LTTNG_DESTRUCTION_HANDLE_STATUS_INVALID;
+               goto end;
+       }
+
        if (!handle->rotation_state.is_set) {
                status = LTTNG_DESTRUCTION_HANDLE_STATUS_INVALID;
                goto end;
@@ -346,6 +356,11 @@ lttng_destruction_handle_get_archive_location(
        enum lttng_destruction_handle_status status =
                        LTTNG_DESTRUCTION_HANDLE_STATUS_OK;
 
+       if (!handle || !location) {
+               status = LTTNG_DESTRUCTION_HANDLE_STATUS_INVALID;
+               goto end;
+       }
+
        if (!handle->location) {
                status = LTTNG_DESTRUCTION_HANDLE_STATUS_INVALID;
                goto end;
@@ -363,6 +378,11 @@ lttng_destruction_handle_get_result(
        enum lttng_destruction_handle_status status =
                        LTTNG_DESTRUCTION_HANDLE_STATUS_OK;
 
+       if (!handle || !result) {
+               status = LTTNG_DESTRUCTION_HANDLE_STATUS_INVALID;
+               goto end;
+       }
+
        if (!handle->destruction_return_code.is_set) {
                status = LTTNG_DESTRUCTION_HANDLE_STATUS_INVALID;
                goto end;
@@ -384,6 +404,11 @@ enum lttng_error_code lttng_destroy_session_ext(const char *session_name,
        int sessiond_socket = -1;
        struct lttng_destruction_handle *handle = NULL;
 
+       if (!session_name || !handle) {
+               ret_code = LTTNG_ERR_INVALID;
+               goto error;
+       }
+
        ret = lttng_strncpy(lsm.session.name, session_name,
                        sizeof(lsm.session.name));
        if (ret) {