From: Mathieu Desnoyers Date: Tue, 17 May 2016 01:42:58 +0000 (-0400) Subject: Fix: illegal memory access in viewer_list_sessions X-Git-Tag: v2.7.3~50 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=f8e4ddb301362bcde3073e595fe253a58e0a812a;p=lttng-tools.git Fix: illegal memory access in viewer_list_sessions Found by Coverity: CID 1243025 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array send_session->hostname of size 64 bytes might leave the destination string unterminated. CID 1243025 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array send_session->session_name of size 255 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- diff --git a/src/bin/lttng-relayd/live.c b/src/bin/lttng-relayd/live.c index 8da2d62fb..ad6d3e53a 100644 --- a/src/bin/lttng-relayd/live.c +++ b/src/bin/lttng-relayd/live.c @@ -833,10 +833,19 @@ int viewer_list_sessions(struct relay_connection *conn) buf_count = new_buf_count; } send_session = &send_session_buf[count]; - strncpy(send_session->session_name, session->session_name, - sizeof(send_session->session_name)); - strncpy(send_session->hostname, session->hostname, - sizeof(send_session->hostname)); + if (lttng_strncpy(send_session->session_name, + session->session_name, + sizeof(send_session->session_name))) { + ret = -1; + rcu_read_unlock(); + goto end_free; + } + if (lttng_strncpy(send_session->hostname, session->hostname, + sizeof(send_session->hostname))) { + ret = -1; + rcu_read_unlock(); + goto end_free; + } send_session->id = htobe64(session->id); send_session->live_timer = htobe32(session->live_timer); if (session->viewer_attached) {