Fix: unchecked buffer size for communication header
[lttng-tools.git] / src / common / notification.c
a58c490f 1/*
ab5be9fa 2 * Copyright (C) 2017 Jérémie Galarneau <jeremie.galarneau@efficios.com>
a58c490f 3 *
ab5be9fa 4 * SPDX-License-Identifier: LGPL-2.1-only
a58c490f 5 *
6 */
7
8#include <lttng/notification/notification-internal.h>
9#include <lttng/condition/condition-internal.h>
10#include <lttng/condition/evaluation-internal.h>
11#include <lttng/condition/condition.h>
12#include <lttng/condition/evaluation.h>
13#include <common/payload.h>
14#include <common/payload-view.h>
15#include <assert.h>
16
/*
 * Allocate a notification that bundles a condition with its evaluation.
 *
 * Both arguments are required; NULL is returned if either is missing or if
 * the allocation fails. The pointers are stored as-is (no copy is made), and
 * lttng_notification_destroy() later destroys both of them, so a successful
 * call hands the two objects over to the returned notification.
 */
LTTNG_HIDDEN
struct lttng_notification *lttng_notification_create(
		struct lttng_condition *condition,
		struct lttng_evaluation *evaluation)
{
	struct lttng_notification *created;

	if (!condition || !evaluation) {
		return NULL;
	}

	created = zmalloc(sizeof(struct lttng_notification));
	if (created) {
		created->condition = condition;
		created->evaluation = evaluation;
	}

	/* NULL here means the allocation failed; the caller keeps ownership. */
	return created;
}
38
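/*
 * Append the wire form of a notification to `payload`.
 *
 * Layout written: a struct lttng_notification_comm header, followed by the
 * serialized condition and the serialized evaluation. The header's `length`
 * field holds the combined size of the condition and evaluation (the header
 * itself is not counted).
 *
 * Returns 0 on success and a non-zero value on failure. On failure the
 * payload is not rolled back: it may already contain the header and part of
 * the body, so callers should discard or truncate it.
 */
LTTNG_HIDDEN
int lttng_notification_serialize(const struct lttng_notification *notification,
		struct lttng_payload *payload)
{
	int ret;
	size_t header_offset, size_before_payload, body_size;
	struct lttng_notification_comm notification_comm = { 0 };
	struct lttng_notification_comm *header;

	if (!notification || !payload) {
		ret = -1;
		goto end;
	}

	/* Reserve a zeroed header; its length is patched once the body is known. */
	header_offset = payload->buffer.size;
	ret = lttng_dynamic_buffer_append(&payload->buffer, &notification_comm,
			sizeof(notification_comm));
	if (ret) {
		goto end;
	}

	size_before_payload = payload->buffer.size;
	ret = lttng_condition_serialize(notification->condition,
			payload);
	if (ret) {
		goto end;
	}

	ret = lttng_evaluation_serialize(notification->evaluation, payload);
	if (ret) {
		goto end;
	}

	/*
	 * The header field is 32 bits wide. Refuse a body that does not fit
	 * rather than truncating it: a truncated length would describe a
	 * different message than the one actually written.
	 */
	body_size = payload->buffer.size - size_before_payload;
	if (body_size != (size_t) (uint32_t) body_size) {
		ret = -1;
		goto end;
	}

	/*
	 * Update payload size. The header address is derived from the saved
	 * offset because the buffer has grown since the header was appended
	 * and its data pointer may no longer be the same.
	 */
	header = (typeof(header)) (payload->buffer.data + header_offset);
	header->length = (uint32_t) body_size;
end:
	return ret;
}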
74
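/*
 * Rebuild a notification from its wire form.
 *
 * Expected layout in `src_view`: a struct lttng_notification_comm header,
 * then a serialized condition, then a serialized evaluation.
 *
 * The payload is treated as untrusted: the view must be large enough to hold
 * the header before the header is read, and the header's `length` must equal
 * the number of bytes the condition and evaluation parsers actually consumed.
 *
 * On success, `*notification` receives the new object and the total number
 * of bytes consumed (header included) is returned. On failure a negative
 * value is returned, `*notification` is not written, and any condition or
 * evaluation created along the way is destroyed.
 */
LTTNG_HIDDEN
ssize_t lttng_notification_create_from_payload(
		struct lttng_payload_view *src_view,
		struct lttng_notification **notification)
{
	ssize_t ret, notification_size = 0, condition_size, evaluation_size;
	struct lttng_condition *condition;
	struct lttng_evaluation *evaluation;
	const struct lttng_notification_comm *notification_comm;

	/*
	 * Check the arguments before src_view is passed to any view helper;
	 * building the header view first would use src_view ahead of this
	 * check.
	 */
	if (!src_view || !notification) {
		ret = -1;
		goto end;
	}

	{
		const struct lttng_payload_view notification_comm_view =
				lttng_payload_view_from_view(
					src_view, 0, sizeof(*notification_comm));

		if (!lttng_payload_view_is_valid(&notification_comm_view)) {
			/* Payload not large enough to contain the header. */
			ret = -1;
			goto end;
		}

		/* Points into the payload's data, not into the local view. */
		notification_comm = (typeof(notification_comm)) notification_comm_view.buffer.data;
	}

	notification_size += sizeof(*notification_comm);
	{
		/*
		 * struct lttng_condition
		 * NOTE(review): a length of -1 presumably selects the rest of
		 * the source view - confirm against lttng_payload_view_from_view().
		 */
		struct lttng_payload_view condition_view =
				lttng_payload_view_from_view(src_view,
					notification_size, -1);

		condition_size = lttng_condition_create_from_payload(
				&condition_view, &condition);
	}

	if (condition_size < 0) {
		ret = condition_size;
		goto end;
	}

	notification_size += condition_size;

	{
		/* struct lttng_evaluation */
		struct lttng_payload_view evaluation_view =
				lttng_payload_view_from_view(src_view,
					notification_size, -1);

		evaluation_size = lttng_evaluation_create_from_payload(
				&evaluation_view, &evaluation);
	}

	if (evaluation_size < 0) {
		/*
		 * The condition was already created; release it here so a
		 * malformed evaluation does not leak it.
		 */
		lttng_condition_destroy(condition);
		ret = evaluation_size;
		goto end;
	}

	notification_size += evaluation_size;

	/* Unexpected size of inner-elements; the buffer is corrupted. */
	if ((ssize_t) notification_comm->length !=
			condition_size + evaluation_size) {
		ret = -1;
		goto error;
	}

	/* On success the notification holds the condition and evaluation. */
	*notification = lttng_notification_create(condition, evaluation);
	if (!*notification) {
		ret = -1;
		goto error;
	}
	ret = notification_size;
end:
	return ret;
error:
	/* Only reached once both objects exist. */
	lttng_condition_destroy(condition);
	lttng_evaluation_destroy(evaluation);
	return ret;
}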
155
/*
 * Release a notification together with the condition and evaluation it
 * holds. Passing NULL is a no-op.
 */
void lttng_notification_destroy(struct lttng_notification *notification)
{
	if (notification) {
		/* The members are destroyed first, then the container itself. */
		lttng_condition_destroy(notification->condition);
		lttng_evaluation_destroy(notification->evaluation);
		free(notification);
	}
}
166
/*
 * Return the condition held by `notification`, or NULL when `notification`
 * is NULL. The returned pointer is the notification's own member, not a copy.
 */
const struct lttng_condition *lttng_notification_get_condition(
		struct lttng_notification *notification)
{
	if (!notification) {
		return NULL;
	}

	return notification->condition;
}
172
/*
 * Return the evaluation held by `notification`, or NULL when `notification`
 * is NULL. The returned pointer is the notification's own member, not a copy.
 */
const struct lttng_evaluation *lttng_notification_get_evaluation(
		struct lttng_notification *notification)
{
	if (!notification) {
		return NULL;
	}

	return notification->evaluation;
}