From 2e8d52dfacba81da20f4abeb53f6cb98d8d096d9 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Mon, 16 May 2016 21:42:55 -0400
Subject: [PATCH] Fix: illegal memory access in session_create
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Found by Coverity: CID 1323138 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array session->hostname of size 64 bytes might leave the destination string unterminated. CID 1323138 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array session->session_name of size 255 bytes might leave the destination string unterminated.
Signed-off-by: Mathieu Desnoyers
Signed-off-by: Jérémie Galarneau
---
 src/bin/lttng-relayd/session.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/bin/lttng-relayd/session.c b/src/bin/lttng-relayd/session.c
index c2bf0f403..d71c5dbbe 100644
--- a/src/bin/lttng-relayd/session.c
+++ b/src/bin/lttng-relayd/session.c
@@ -47,11 +47,16 @@ struct relay_session *session_create(const char *session_name,
 PERROR("relay session zmalloc");
 goto error;
 }
-
+ if (lttng_strncpy(session->session_name, session_name,
+ sizeof(session->session_name))) {
+ goto error;
+ }
+ if (lttng_strncpy(session->hostname, hostname,
+ sizeof(session->hostname))) {
+ goto error;
+ }
 session->ctf_traces_ht = lttng_ht_new(0, LTTNG_HT_TYPE_STRING);
 if (!session->ctf_traces_ht) {
- free(session);
- session = NULL;
 goto error;
 }
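Review bot: The two new `lttng_strncpy` failure branches jump to `error` without logging anything, unlike the `zmalloc` failure just above them, which calls `PERROR`. With this change an over-long session name or hostname makes session_create return NULL, and since this is the relay daemon those strings presumably come from a remote peer, so a silent rejection leaves operators nothing to correlate a refused session with. I would log before each jump, e.g. `ERR("Session name does not fit in session->session_name");` and the equivalent for the hostname, assuming the project's `ERR()` macro is in scope here as `PERROR` is. This relies on `lttng_strncpy` returning non-zero when the source does not fit, which the hunk implies but does not show; session_create starts before and continues past this hunk.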
@@ -68,17 +73,15 @@ struct relay_session *session_create(const char *session_name,
 pthread_mutex_init(&session->reflock, NULL);
 pthread_mutex_init(&session->recv_list_lock, NULL);
- strncpy(session->session_name, session_name,
- sizeof(session->session_name));
- strncpy(session->hostname, hostname,
- sizeof(session->hostname));
 session->live_timer = live_timer;
 session->snapshot = snapshot;
 lttng_ht_add_unique_u64(sessions_ht, &session->session_n);
+ return session;
 error:
- return session;
+ free(session);
+ return NULL;
 }
 /* Should be called with RCU read-side lock held. */
--
2.34.1
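Review bot: The `error:` label at the end of this hunk needs a comment stating its invariant: it releases only `session`, which is safe because every `goto error` visible in the patch runs before `ctf_traces_ht` has been allocated. A failure path added later, after `lttng_ht_new` succeeds, would leak the hash table and leave the initialised mutexes undestroyed. I would add `/* Reached only before ctf_traces_ht is allocated; later failure paths must release it first. */` above `free(session);`. The body of session_create starts before this hunk, and the lines between the two hunks are not visible here.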