[lttng-dev] [PATCH lttng-tools] Fix: Properly sanitize input parameter
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Tue Mar 26 14:31:49 EDT 2019
----- On Mar 26, 2019, at 2:21 PM, Yannick Lamarre ylamarre at efficios.com wrote:
> The lttng client uses the sizeof the containing buffer for input string
> sanitation instead of libc defined macro.
The missing part of this changelog is the "why?". Why is this change needed?
What is wrong with the code?
Just describing the code is of limited value. We can get that information from
reading the source.
>
> Signed-off-by: Yannick Lamarre <ylamarre at efficios.com>
> ---
> lttng-enable_channel was improperly verifying user input and wrongly rejected
> valid input.
This part should have been in the changelog, not after "---". Also, we are missing
examples of the problems this causes.
Thanks,
Mathieu
>
> src/bin/lttng/commands/enable_channels.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/bin/lttng/commands/enable_channels.c
> b/src/bin/lttng/commands/enable_channels.c
> index b4e2942c..5e314d9b 100644
> --- a/src/bin/lttng/commands/enable_channels.c
> +++ b/src/bin/lttng/commands/enable_channels.c
> @@ -244,7 +244,7 @@ static int enable_channel(char *session_name)
> void *extended_ptr;
>
> /* Validate channel name's length */
> - if (strlen(channel_name) >= NAME_MAX) {
> + if (strlen(channel_name) > sizeof(chan_opts.name) - 1) {
> ERR("Channel name is too long (max. %zu characters)",
> sizeof(chan_opts.name) - 1);
> error = 1;
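Review bot: The limit `sizeof(chan_opts.name) - 1` is now written twice, once in the new condition on the `+` line and once as the ERR() argument below it, so the check and the reported maximum can drift apart again the way `NAME_MAX` and the message did before. Consider computing it once into a local `size_t` or a named constant and using that in both places. The expression is also only a valid bound while `chan_opts.name` is a fixed-size array, which this hunk does not show; if the field were ever a pointer, `sizeof` would silently yield the pointer size. Separately, the commit message should state which inputs the `NAME_MAX` comparison handled incorrectly, with an example channel name length.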
> --
> 2.11.0
>
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com