[lttng-dev] [PATCH lttng-tools 05/24] Fix: illegal memory access in enable_event
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Tue May 17 01:42:44 UTC 2016
Found by Coverity:
CID 1243033 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)16. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array msg.name of size
256 bytes might leave the destination string unterminated.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
---
src/bin/lttng-sessiond/agent.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c
index ced0f85..f79ac00 100644
--- a/src/bin/lttng-sessiond/agent.c
+++ b/src/bin/lttng-sessiond/agent.c
@@ -408,17 +408,20 @@ static int enable_event(struct agent_app *app, struct agent_event *event)
}
data_size = sizeof(msg) + filter_expression_length;
- ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0);
- if (ret < 0) {
- goto error_io;
- }
-
memset(&msg, 0, sizeof(msg));
msg.loglevel_value = htobe32(event->loglevel_value);
msg.loglevel_type = htobe32(event->loglevel_type);
- strncpy(msg.name, event->name, sizeof(msg.name));
+ if (lttng_strncpy(msg.name, event->name, sizeof(msg.name))) {
+ ret = LTTNG_ERR_INVALID;
+ goto error;
+ }
msg.filter_expression_length = htobe32(filter_expression_length);
+ ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0);
+ if (ret < 0) {
+ goto error_io;
+ }
+
bytes_to_send = zmalloc(data_size);
if (!bytes_to_send) {
ret = LTTNG_ERR_NOMEM;
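Review bot: The `zmalloc(data_size)` at the end of the hunk still runs after `send_header()`, so an allocation failure presumably leaves the agent holding a header that announces `data_size` bytes which never arrive. That is the same half-sent-command state this patch avoids for an over-long event name. Allocating `bytes_to_send` before `send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0)` would keep every local failure ahead of the first write to the socket. The `error_io` path would then need to free the buffer, which cannot be checked here because enable_event starts before and continues past this hunk. A comment above the `lttng_strncpy()` check, such as `/* Validate the name before anything is written to the socket. */`, would also record why the header send was moved.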
--
2.1.4