From 43ed148559609eba941bb3dffa35bff67341e64d Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
 <jeremie.galarneau@efficios.com>
Date: Tue, 12 Jan 2021 17:08:56 -0500
Subject: [PATCH] Fix: sessiond: event name truncation during listing
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The use of strncpy can lead to silently-truncated event names. Replace
its use by the internal lttng_strncpy which fails on truncation.

Signed-off-by: JÃ©rÃ©mie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I65d6bd46208dc7b62a83e4600a52a6669fd99d55
---
 src/bin/lttng-sessiond/cmd.c | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index 2ae0ba687..96f7433a6 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -488,8 +488,14 @@ static int list_lttng_agent_events(struct agent *agt,
 			.loglevel_type = agent_event->loglevel_type,
 		};
 
-		strncpy(event.name, agent_event->name, sizeof(event.name));
-		event.name[sizeof(event.name) - 1] = '\0';
+		ret = lttng_strncpy(event.name, agent_event->name, sizeof(event.name));
+		if (ret) {
+			/* Internal error, invalid name. */
+			ERR("Invalid event name while listing agent events: '%s' exceeds the maximal allowed length of %zu bytes",
+					agent_event->name, sizeof(event.name));
+			ret = -LTTNG_ERR_UNK;
+			goto end;
+		}
 
 		ret = lttng_dynamic_buffer_append(
 				&payload->buffer, &event, sizeof(event));
@@ -556,8 +562,14 @@ static int list_lttng_ust_global_events(char *channel_name,
 			continue;
 		}
 
-		strncpy(event.name, uevent->attr.name, sizeof(event.name));
-		event.name[sizeof(event.name) - 1] = '\0';
+		ret = lttng_strncpy(event.name, uevent->attr.name, sizeof(event.name));
+		if (ret) {
+			/* Internal error, invalid name. */
+			ERR("Invalid event name while listing user space tracer events: '%s' exceeds the maximal allowed length of %zu bytes",
+					uevent->attr.name, sizeof(event.name));
+			ret = -LTTNG_ERR_UNK;
+			goto end;
+		}
 
 		event.enabled = uevent->enabled;
 
@@ -647,8 +659,16 @@ static int list_lttng_kernel_events(char *channel_name,
 	cds_list_for_each_entry(kevent, &kchan->events_list.head , list) {
 		struct lttng_event event = {};
 
-		strncpy(event.name, kevent->event->name, sizeof(event.name));
-		event.name[sizeof(event.name) - 1] = '\0';
+		ret = lttng_strncpy(event.name, kevent->event->name, sizeof(event.name));
+		if (ret) {
+			/* Internal error, invalid name. */
+			ERR("Invalid event name while listing kernel events: '%s' exceeds the maximal allowed length of %zu bytes",
+					kevent->event->name,
+					sizeof(event.name));
+			ret = -LTTNG_ERR_UNK;
+			goto end;
+		}
+
 		event.enabled = kevent->enabled;
 		event.filter = (unsigned char) !!kevent->filter_expression;
 
-- 
2.34.1