projects
/
lttng-tools.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: unchecked buffer size for communication header
[lttng-tools.git]
/
src
/
common
/
event-rule
/
tracepoint.c
diff --git
a/src/common/event-rule/tracepoint.c
b/src/common/event-rule/tracepoint.c
index 14e4c7b01901e9b7706ab5e3b83162ba82764337..f750af47f8ced8e496462daa9acd6a9b70b32e56 100644
(file)
--- a/
src/common/event-rule/tracepoint.c
+++ b/
src/common/event-rule/tracepoint.c
@@
-603,21
+603,16
@@
ssize_t lttng_event_rule_tracepoint_create_from_payload(
goto end;
}
goto end;
}
- if (view->buffer.size < sizeof(*tracepoint_comm)) {
+ current_buffer_view = lttng_buffer_view_from_view(
+ &view->buffer, offset, sizeof(*tracepoint_comm));
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
ERR("Failed to initialize from malformed event rule tracepoint: buffer too short to contain header.");
ret = -1;
goto end;
}
ERR("Failed to initialize from malformed event rule tracepoint: buffer too short to contain header.");
ret = -1;
goto end;
}
- current_buffer_view = lttng_buffer_view_from_view(
- &view->buffer, offset, sizeof(*tracepoint_comm));
tracepoint_comm = (typeof(tracepoint_comm)) current_buffer_view.data;
tracepoint_comm = (typeof(tracepoint_comm)) current_buffer_view.data;
- if (!tracepoint_comm) {
- ret = -1;
- goto end;
- }
-
if (tracepoint_comm->domain_type <= LTTNG_DOMAIN_NONE ||
tracepoint_comm->domain_type > LTTNG_DOMAIN_PYTHON) {
/* Invalid domain value. */
if (tracepoint_comm->domain_type <= LTTNG_DOMAIN_NONE ||
tracepoint_comm->domain_type > LTTNG_DOMAIN_PYTHON) {
/* Invalid domain value. */
@@
-667,12
+662,13
@@
ssize_t lttng_event_rule_tracepoint_create_from_payload(
/* Map the pattern. */
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, tracepoint_comm->pattern_len);
/* Map the pattern. */
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, tracepoint_comm->pattern_len);
- pattern = current_buffer_view.data;
- if (!
pattern
) {
+
+ if (!
lttng_buffer_view_is_valid(¤t_buffer_view)
) {
ret = -1;
goto end;
}
ret = -1;
goto end;
}
+ pattern = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view, pattern,
tracepoint_comm->pattern_len)) {
ret = -1;
if (!lttng_buffer_view_contains_string(¤t_buffer_view, pattern,
tracepoint_comm->pattern_len)) {
ret = -1;
@@
-689,12
+685,12
@@
ssize_t lttng_event_rule_tracepoint_create_from_payload(
/* Map the filter_expression. */
current_buffer_view = lttng_buffer_view_from_view(&view->buffer, offset,
tracepoint_comm->filter_expression_len);
/* Map the filter_expression. */
current_buffer_view = lttng_buffer_view_from_view(&view->buffer, offset,
tracepoint_comm->filter_expression_len);
- filter_expression = current_buffer_view.data;
- if (!filter_expression) {
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
ret = -1;
goto end;
}
ret = -1;
goto end;
}
+ filter_expression = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
filter_expression,
tracepoint_comm->filter_expression_len)) {
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
filter_expression,
tracepoint_comm->filter_expression_len)) {
@@
-709,15
+705,21
@@
skip_filter_expression:
for (i = 0; i < tracepoint_comm->exclusions_count; i++) {
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, sizeof(*exclusion_len));
for (i = 0; i < tracepoint_comm->exclusions_count; i++) {
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, sizeof(*exclusion_len));
- exclusion_len = (typeof(exclusion_len)) current_buffer_view.data;
- if (!exclusion_len) {
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
ret = -1;
goto end;
}
ret = -1;
goto end;
}
+ exclusion_len = (typeof(exclusion_len)) current_buffer_view.data;
offset += sizeof(*exclusion_len);
offset += sizeof(*exclusion_len);
+
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, *exclusion_len);
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, *exclusion_len);
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ ret = -1;
+ goto end;
+ }
+
exclusion = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
exclusion, *exclusion_len)) {
exclusion = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
exclusion, *exclusion_len)) {
This page took
0.025246 seconds
and
4
git commands to generate.