[lttng-dev] [PATCH lttng-tools 17/24] Fix: illegal memory access in relayd_create_session_2_4

Mathieu Desnoyers mathieu.desnoyers at efficios.com
Tue May 17 01:42:56 UTC 2016


Found by Coverity:
CID 1243024 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)2. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array msg.session_name
of size 255 bytes might leave the destination string unterminated.

CID 1243024 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a
maximum size argument of 64 bytes on destination array msg.hostname of
size 64 bytes might leave the destination string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
---
 src/common/relayd/relayd.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/common/relayd/relayd.c b/src/common/relayd/relayd.c
index acf6c38..9e95255 100644
--- a/src/common/relayd/relayd.c
+++ b/src/common/relayd/relayd.c
@@ -129,16 +129,15 @@ static int relayd_create_session_2_4(struct lttcomm_relayd_sock *rsock,
 	int ret;
 	struct lttcomm_relayd_create_session_2_4 msg;
 
-	if (strlen(session_name) >= sizeof(msg.session_name)) {
+	if (lttng_strncpy(msg.session_name, session_name,
+			sizeof(msg.session_name))) {
 		ret = -1;
 		goto error;
 	}
-	strncpy(msg.session_name, session_name, sizeof(msg.session_name));
-	if (strlen(hostname) >= sizeof(msg.hostname)) {
+	if (lttng_strncpy(msg.hostname, hostname, sizeof(msg.hostname))) {
 		ret = -1;
 		goto error;
 	}
-	strncpy(msg.hostname, hostname, sizeof(msg.hostname));
 	msg.live_timer = htobe32(session_live_timer);
 	msg.snapshot = htobe32(snapshot);
 
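Review bot: `msg` is declared on the stack without an initializer (`struct lttcomm_relayd_create_session_2_4 msg;`), and the removed `strncpy()` calls zero-filled the remainder of `msg.session_name` and `msg.hostname` after the terminator, so it is worth confirming that `lttng_strncpy()` pads the same way. Its implementation is not visible in this hunk; if it stops at the terminating NUL, the bytes after each string are uninitialized stack contents in a structure that, judging by the `htobe32()` conversions, is about to be sent to the relay daemon. A `memset(&msg, 0, sizeof(msg));` before the first copy would make this independent of the helper. Separately, the removed `strlen(...) >= sizeof(...)` checks already rejected any string that would not fit, so the old `strncpy()` calls could not leave the fields unterminated; the commit message could say that the change folds the check and the copy into one call and addresses the Coverity report, rather than describing a reachable illegal access. The conditions also rely on `lttng_strncpy()` returning non-zero on failure, which an explicit `!= 0` or a short comment would make clear to the next reader.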
-- 
2.1.4


