[lttng-dev] [PATCH lttng-tools v2] Fix: Properly sanitize input parameter
Jérémie Galarneau
jeremie.galarneau at efficios.com
Fri Mar 29 14:13:46 EDT 2019
Merged in master, stable-2.11, stable-2.10, and stable-2.9.
Thanks!
Jérémie
On Tue, Mar 26, 2019 at 03:53:06PM -0400, Yannick Lamarre wrote:
> The lttng client uses the sizeof the containing buffer, defined as
> LTTNG_SYMBOL_NAME_LEN, for input string sanitation instead of libc defined
> macro NAME_MAX. lttng-enable_channel improperly verified user input
> and wrongly discarded valid input in case NAME_MAX was less than the
> sizeof the containing buffer for the channel's name.
> This patch also fixes potential buffer overflow caused by an improperly
> bounded strcpy in the case where NAME_MAX would have been greater than
> LTTNG_SYMBOL_NAME_LEN.
>
> Signed-off-by: Yannick Lamarre <ylamarre at efficios.com>
> ---
> src/bin/lttng/commands/enable_channels.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/bin/lttng/commands/enable_channels.c b/src/bin/lttng/commands/enable_channels.c
> index b4e2942c..5e314d9b 100644
> --- a/src/bin/lttng/commands/enable_channels.c
> +++ b/src/bin/lttng/commands/enable_channels.c
> @@ -244,7 +244,7 @@ static int enable_channel(char *session_name)
> void *extended_ptr;
>
> /* Validate channel name's length */
> - if (strlen(channel_name) >= NAME_MAX) {
> + if (strlen(channel_name) > sizeof(chan_opts.name) - 1) {
> ERR("Channel name is too long (max. %zu characters)",
> sizeof(chan_opts.name) - 1);
> error = 1;
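Review bot: The new comparison in enable_channel(), strlen(channel_name) > sizeof(chan_opts.name) - 1, now agrees with the limit printed by the ERR() call, but the strcpy mentioned in the commit message is outside this hunk and still depends on this check alone. Consider bounding that copy by sizeof(chan_opts.name) as well, with explicit NUL termination, so that a later reordering or a new code path into the copy cannot bring the overflow back. The commit message also reads as inverted relative to the diff: the removed line compares against NAME_MAX and the added line uses the size of the buffer, so the first sentence should say that the client used NAME_MAX instead of the size of the containing buffer.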
> --
> 2.11.0
>