Fix: illegal memory access in session_create
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 01:42:55 +0000 (21:42 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 20 May 2016 19:10:53 +0000 (15:10 -0400)
Found by Coverity:

CID 1323138 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a
maximum size argument of 64 bytes on destination array session->hostname
of size 64 bytes might leave the destination string unterminated.

CID 1323138 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array
session->session_name of size 255 bytes might leave the destination
string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-relayd/session.c

index c2bf0f403148621cfa001342b53aae0c7b0e21ab..d71c5dbbea3ca5dfbac6270bc7fb90bbfc193b98 100644 (file)
@@ -47,11 +47,16 @@ struct relay_session *session_create(const char *session_name,
                PERROR("relay session zmalloc");
                goto error;
        }
-
+       if (lttng_strncpy(session->session_name, session_name,
+                       sizeof(session->session_name))) {
+               goto error;
+       }
+       if (lttng_strncpy(session->hostname, hostname,
+                       sizeof(session->hostname))) {
+               goto error;
+       }
        session->ctf_traces_ht = lttng_ht_new(0, LTTNG_HT_TYPE_STRING);
        if (!session->ctf_traces_ht) {
-               free(session);
-               session = NULL;
                goto error;
        }
 
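Review bot: Both new `lttng_strncpy` failure branches jump to `error` without logging anything, so a session whose name or hostname does not fit the destination array is now rejected with no record of why. The zmalloc failure just above reports through `PERROR`, so a matching message before each `goto error;` would make the rejection diagnosable, for example `ERR("Session name exceeds %zu bytes", sizeof(session->session_name));` if the project's `ERR` macro is available in this file. Logging the size rather than the string avoids printing an over-long and possibly unterminated input. `session_create` starts before this hunk and continues after it.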
@@ -68,17 +73,15 @@ struct relay_session *session_create(const char *session_name,
        pthread_mutex_init(&session->reflock, NULL);
        pthread_mutex_init(&session->recv_list_lock, NULL);
 
-       strncpy(session->session_name, session_name,
-                       sizeof(session->session_name));
-       strncpy(session->hostname, hostname,
-                       sizeof(session->hostname));
        session->live_timer = live_timer;
        session->snapshot = snapshot;
 
        lttng_ht_add_unique_u64(sessions_ht, &session->session_n);
+       return session;
 
 error:
-       return session;
+       free(session);
+       return NULL;
 }
 
 /* Should be called with RCU read-side lock held. */
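Review bot: The `error:` label now frees only `session`, and nothing records the constraint that makes this safe. It is correct for the jumps visible in the first hunk, which all happen before `lttng_ht_new` succeeds. Any `goto error` placed after `session->ctf_traces_ht` is allocated, or after the `pthread_mutex_init` calls, would leak the hash table and skip mutex teardown. I would add a comment above the label such as `/* Reached only before ctf_traces_ht exists; later failures must release it too. */`. The lines between the two hunks are not shown, so whether such a jump already exists could not be checked.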