From: Mathieu Desnoyers Date: Tue, 17 May 2016 01:42:58 +0000 (-0400) Subject: Fix: illegal memory access in viewer_list_sessions X-Git-Tag: v2.6.3~40 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=7395f8e11ac514bf9f12aeef4dbc3e1697779ffa;p=lttng-tools.git Fix: illegal memory access in viewer_list_sessions Found by Coverity: CID 1243025 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array send_session->hostname of size 64 bytes might leave the destination string unterminated. CID 1243025 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array send_session->session_name of size 255 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- diff --git a/src/bin/lttng-relayd/live.c b/src/bin/lttng-relayd/live.c index 8a7485399..b358f4fa2 100644 --- a/src/bin/lttng-relayd/live.c +++ b/src/bin/lttng-relayd/live.c @@ -832,10 +832,19 @@ int viewer_list_sessions(struct relay_connection *conn) buf_count = new_buf_count; } send_session = &send_session_buf[count]; - strncpy(send_session->session_name, session->session_name, - sizeof(send_session->session_name)); - strncpy(send_session->hostname, session->hostname, - sizeof(send_session->hostname)); + if (lttng_strncpy(send_session->session_name, + session->session_name, + sizeof(send_session->session_name))) { + ret = -1; + rcu_read_unlock(); + goto end_free; + } + if (lttng_strncpy(send_session->hostname, session->hostname, + sizeof(send_session->hostname))) { + ret = -1; + rcu_read_unlock(); + goto end_free; + } send_session->id = htobe64(session->id); send_session->live_timer = htobe32(session->live_timer); if (session->viewer_attached) {