[lttng-dev] [PATCH lttng-tools 02/24] Fix: illegal memory access in _cmd_enable_event
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Tue May 17 01:42:41 UTC 2016
Found by Coverity:
CID 1321742 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)21. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array attr->name of
size 256 bytes might leave the destination string unterminated.
CID 1321742 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)22. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array attr->name of
size 256 bytes might leave the destination string unterminated.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
---
src/bin/lttng-sessiond/cmd.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index 16d8ba2..b72b091 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -1853,7 +1853,12 @@ static int _cmd_enable_event(struct ltt_session *session,
ret = LTTNG_ERR_FATAL;
goto error;
}
- strncpy(attr->name, channel_name, sizeof(attr->name));
+ if (lttng_strncpy(attr->name, channel_name,
+ sizeof(attr->name))) {
+ ret = LTTNG_ERR_INVALID;
+ free(attr);
+ goto error;
+ }
ret = cmd_enable_channel(session, domain, attr, wpipe);
if (ret != LTTNG_OK) {
@@ -1990,7 +1995,12 @@ static int _cmd_enable_event(struct ltt_session *session,
ret = LTTNG_ERR_FATAL;
goto error;
}
- strncpy(attr->name, channel_name, sizeof(attr->name));
+ if (lttng_strncpy(attr->name, channel_name,
+ sizeof(attr->name))) {
+ ret = LTTNG_ERR_INVALID;
+ free(attr);
+ goto error;
+ }
ret = cmd_enable_channel(session, domain, attr, wpipe);
if (ret != LTTNG_OK) {
--
2.1.4
More information about the lttng-dev
mailing list