From: Mathieu Desnoyers Date: Tue, 17 May 2016 01:42:44 +0000 (-0400) Subject: Fix: illegal memory access in enable_event X-Git-Tag: v2.9.0-rc1~229 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=bb45c03e2f9a46d9baf4ab7b93f57cd8f259f3d5;p=lttng-tools.git Fix: illegal memory access in enable_event Found by Coverity: CID 1243033 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)16. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array msg.name of size 256 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c index ced0f85cf..f79ac00e6 100644 --- a/src/bin/lttng-sessiond/agent.c +++ b/src/bin/lttng-sessiond/agent.c @@ -408,17 +408,20 @@ static int enable_event(struct agent_app *app, struct agent_event *event) } data_size = sizeof(msg) + filter_expression_length; - ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0); - if (ret < 0) { - goto error_io; - } - memset(&msg, 0, sizeof(msg)); msg.loglevel_value = htobe32(event->loglevel_value); msg.loglevel_type = htobe32(event->loglevel_type); - strncpy(msg.name, event->name, sizeof(msg.name)); + if (lttng_strncpy(msg.name, event->name, sizeof(msg.name))) { + ret = LTTNG_ERR_INVALID; + goto error; + } msg.filter_expression_length = htobe32(filter_expression_length); + ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0); + if (ret < 0) { + goto error_io; + } + bytes_to_send = zmalloc(data_size); if (!bytes_to_send) { ret = LTTNG_ERR_NOMEM;