Fix: illegal memory access in viewer_list_sessions

Found by Coverity:

CID 1243025 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a
maximum size argument of 64 bytes on destination array
send_session->hostname of size 64 bytes might leave the destination
string unterminated.

CID 1243025 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array
send_session->session_name of size 255 bytes might leave the destination
string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/src/bin/lttng-relayd/live.c b/src/bin/lttng-relayd/live.c
index 8da2d62fbaa1aac211fac676cf2650cf2df4bdd7..ad6d3e53a6a406f73ef83aef3b4df5910095617b 100644 (file)
--- a/src/bin/lttng-relayd/live.c
+++ b/src/bin/lttng-relayd/live.c
@@ -833,10 +833,19 @@ int viewer_list_sessions(struct relay_connection *conn)
                        buf_count = new_buf_count;
                }
                send_session = &send_session_buf[count];
-               strncpy(send_session->session_name, session->session_name,
-                               sizeof(send_session->session_name));
-               strncpy(send_session->hostname, session->hostname,
-                               sizeof(send_session->hostname));
+               if (lttng_strncpy(send_session->session_name,
+                               session->session_name,
+                               sizeof(send_session->session_name))) {
+                       ret = -1;
+                       rcu_read_unlock();
+                       goto end_free;
+               }
+               if (lttng_strncpy(send_session->hostname, session->hostname,
+                               sizeof(send_session->hostname))) {
+                       ret = -1;
+                       rcu_read_unlock();
+                       goto end_free;
+               }
                send_session->id = htobe64(session->id);
                send_session->live_timer = htobe32(session->live_timer);
                if (session->viewer_attached) {