From 8bad91a9758fc5454a501d490c2e7560a5a76b46 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Mon, 16 May 2016 21:42:56 -0400
Subject: [PATCH] Fix: illegal memory access in relayd_create_session_2_4
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Found by Coverity: CID 1243024 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)2. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array msg.session_name of size 255 bytes might leave the destination string unterminated. CID 1243024 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array msg.hostname of size 64 bytes might leave the destination string unterminated.
Signed-off-by: Mathieu Desnoyers
Signed-off-by: Jérémie Galarneau
---
 src/common/relayd/relayd.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/common/relayd/relayd.c b/src/common/relayd/relayd.c
index 47db4081a..8f4f07a20 100644
--- a/src/common/relayd/relayd.c
+++ b/src/common/relayd/relayd.c
@@ -130,8 +130,15 @@ static int relayd_create_session_2_4(struct lttcomm_relayd_sock *rsock,
 int ret;
 struct lttcomm_relayd_create_session_2_4 msg;
- strncpy(msg.session_name, session_name, sizeof(msg.session_name));
- strncpy(msg.hostname, hostname, sizeof(msg.hostname));
+ if (lttng_strncpy(msg.session_name, session_name,
+ sizeof(msg.session_name))) {
+ ret = -1;
+ goto error;
+ }
+ if (lttng_strncpy(msg.hostname, hostname, sizeof(msg.hostname))) {
+ ret = -1;
+ goto error;
+ }
 msg.live_timer = htobe32(session_live_timer);
 msg.snapshot = htobe32(snapshot);
--
2.34.1
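Review bot: `msg` is still declared without an initializer, so the bytes of `msg.session_name` and `msg.hostname` past the terminator are only defined if `lttng_strncpy` zero-pads the destination the way `strncpy` did; its definition is not in this hunk. The struct looks like a wire message (its integer fields go through `htobe32`), so stale stack bytes could otherwise be sent to the relay daemon. Adding `memset(&msg, 0, sizeof(msg));` before the first copy would remove that dependency on the helper. Names that do not fit now fail with `ret = -1`, and nothing visible here reports which field was rejected, so a one-line error message before each `goto error` would make the new failure diagnosable. The `error` label and the rest of the function are outside the hunk.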