[lttng-dev] [PATCH lttng-tools 04/24] Fix: illegal memory access in add_uri_to_consumer
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Tue May 17 01:42:43 UTC 2016
Found by Coverity:
CID 1243038 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)15. buffer_size_warning: Calling strncpy with a
maximum size argument of 4096 bytes on destination array
consumer->dst.trace_path of size 4096 bytes might leave the destination
string unterminated.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
---
src/bin/lttng-sessiond/cmd.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index b72b091..5afa1a3 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -758,12 +758,15 @@ static int add_uri_to_consumer(struct consumer_output *consumer,
DBG2("Setting trace directory path from URI to %s", uri->dst.path);
memset(consumer->dst.trace_path, 0,
sizeof(consumer->dst.trace_path));
- strncpy(consumer->dst.trace_path, uri->dst.path,
- sizeof(consumer->dst.trace_path));
+ /* Explicit length checks for strcpy and strcat. */
+ if (strlen(uri->dst.path) + strlen(default_trace_dir)
+ >= sizeof(consumer->dst.trace_path)) {
+ ret = LTTNG_ERR_FATAL;
+ goto error;
+ }
+ strcpy(consumer->dst.trace_path, uri->dst.path);
/* Append default trace dir */
- strncat(consumer->dst.trace_path, default_trace_dir,
- sizeof(consumer->dst.trace_path) -
- strlen(consumer->dst.trace_path) - 1);
+ strcat(consumer->dst.trace_path, default_trace_dir);
/* Flag consumer as local. */
consumer->type = CONSUMER_DST_LOCAL;
break;
--
2.1.4
More information about the lttng-dev
mailing list