Fix: unchecked buffer size for communication header
1 /*
2 * Copyright (C) 2017 Jérémie Galarneau <jeremie.galarneau@efficios.com>
3 *
4 * SPDX-License-Identifier: LGPL-2.1-only
5 *
6 */
7
8 #include <lttng/notification/notification-internal.h>
9 #include <lttng/condition/condition-internal.h>
10 #include <lttng/condition/evaluation-internal.h>
11 #include <lttng/condition/condition.h>
12 #include <lttng/condition/evaluation.h>
13 #include <common/payload.h>
14 #include <common/payload-view.h>
15 #include <assert.h>
16
/*
 * Allocate a notification that references the given condition and
 * evaluation.
 *
 * Both pointers are stored as-is; no copy is made here.
 * lttng_notification_destroy() destroys both objects along with the
 * notification.
 *
 * Returns the new notification, or NULL if either argument is NULL or the
 * allocation fails.
 */
LTTNG_HIDDEN
struct lttng_notification *lttng_notification_create(
		struct lttng_condition *condition,
		struct lttng_evaluation *evaluation)
{
	struct lttng_notification *new_notification;

	if (!condition || !evaluation) {
		return NULL;
	}

	new_notification = zmalloc(sizeof(*new_notification));
	if (new_notification) {
		new_notification->condition = condition;
		new_notification->evaluation = evaluation;
	}

	return new_notification;
}
38
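/*
 * Append the serialized form of a notification to `payload`.
 *
 * Layout written: a struct lttng_notification_comm header, then the
 * serialized condition, then the serialized evaluation. The header's
 * `length` field is set to the number of bytes appended after the header.
 *
 * Returns 0 on success and a non-zero value on error. On error, the bytes
 * already appended are left in `payload` (no roll-back is performed here),
 * so the payload must not be treated as a complete message.
 */
LTTNG_HIDDEN
int lttng_notification_serialize(const struct lttng_notification *notification,
		struct lttng_payload *payload)
{
	int ret;
	size_t header_offset, size_before_payload, inner_size;
	struct lttng_notification_comm notification_comm = { 0 };
	struct lttng_notification_comm *header;

	/* Reserve room for the header; its length is patched in below. */
	header_offset = payload->buffer.size;
	ret = lttng_dynamic_buffer_append(&payload->buffer, &notification_comm,
			sizeof(notification_comm));
	if (ret) {
		goto end;
	}

	size_before_payload = payload->buffer.size;
	ret = lttng_condition_serialize(notification->condition,
			payload);
	if (ret) {
		goto end;
	}

	ret = lttng_evaluation_serialize(notification->evaluation, payload);
	if (ret) {
		goto end;
	}

	/*
	 * `length` is a 32-bit field. Refuse to emit a header whose length
	 * would be silently truncated: the receiver compares this field
	 * against the sizes it actually parsed, so a wrapped value would
	 * produce a message that can never be decoded.
	 */
	inner_size = payload->buffer.size - size_before_payload;
	if (inner_size > UINT32_MAX) {
		ret = -1;
		goto end;
	}

	/*
	 * Update payload size. The header is located again from its offset
	 * rather than from a saved pointer, presumably because the appends
	 * above can move buffer.data.
	 */
	header = (struct lttng_notification_comm *)
			(payload->buffer.data + header_offset);
	header->length = (uint32_t) inner_size;
end:
	return ret;
}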
74
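/*
 * Build a notification from a serialized payload view.
 *
 * The view is expected to start with a struct lttng_notification_comm
 * header, followed by a serialized condition and a serialized evaluation.
 * The payload is untrusted input: the header is only read after the view
 * has been checked to be large enough to hold it, and the header's `length`
 * is only compared against the sizes actually consumed by the condition and
 * evaluation parsers; it is never used to size a read.
 *
 * On success, `*notification` receives the new object and the total number
 * of bytes consumed (header + condition + evaluation) is returned.
 * On error, a negative value is returned and `*notification` is not
 * assigned a valid object.
 */
LTTNG_HIDDEN
ssize_t lttng_notification_create_from_payload(
		struct lttng_payload_view *src_view,
		struct lttng_notification **notification)
{
	ssize_t ret, notification_size = 0, condition_size, evaluation_size;
	struct lttng_condition *condition = NULL;
	struct lttng_evaluation *evaluation = NULL;
	const struct lttng_notification_comm *notification_comm;

	if (!src_view || !notification) {
		ret = -1;
		goto end;
	}

	{
		/*
		 * The header view is built only after src_view has been
		 * checked for NULL, so the argument check guards every use
		 * of src_view.
		 */
		const struct lttng_payload_view notification_comm_view =
				lttng_payload_view_from_view(
					src_view, 0, sizeof(*notification_comm));

		if (!lttng_payload_view_is_valid(&notification_comm_view)) {
			/* Payload not large enough to contain the header. */
			ret = -1;
			goto end;
		}

		/* Points into the payload's data, which outlives this scope. */
		notification_comm = (const struct lttng_notification_comm *)
				notification_comm_view.buffer.data;
	}

	notification_size += sizeof(*notification_comm);
	{
		/* struct lttng_condition */
		struct lttng_payload_view condition_view =
				lttng_payload_view_from_view(src_view,
					notification_size, -1);

		condition_size = lttng_condition_create_from_payload(
				&condition_view, &condition);
	}

	if (condition_size < 0) {
		ret = condition_size;
		goto end;
	}

	notification_size += condition_size;

	{
		/* struct lttng_evaluation */
		struct lttng_payload_view evaluation_view =
				lttng_payload_view_from_view(src_view,
					notification_size, -1);

		evaluation_size = lttng_evaluation_create_from_payload(
				&evaluation_view, &evaluation);
	}

	if (evaluation_size < 0) {
		/*
		 * The condition was created successfully above and is still
		 * owned by this function; release it so a malformed
		 * evaluation does not leak it.
		 */
		lttng_condition_destroy(condition);
		ret = evaluation_size;
		goto end;
	}

	notification_size += evaluation_size;

	/* Unexpected size of inner-elements; the buffer is corrupted. */
	if ((ssize_t) notification_comm->length !=
			condition_size + evaluation_size) {
		ret = -1;
		goto error;
	}

	*notification = lttng_notification_create(condition, evaluation);
	if (!*notification) {
		ret = -1;
		goto error;
	}
	ret = notification_size;
end:
	return ret;
error:
	/* Both objects exist here and were not handed to a notification. */
	lttng_condition_destroy(condition);
	lttng_evaluation_destroy(evaluation);
	return ret;
}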
155
/*
 * Release a notification together with the condition and evaluation it
 * references. A NULL notification is accepted and ignored.
 */
void lttng_notification_destroy(struct lttng_notification *notification)
{
	if (notification) {
		lttng_condition_destroy(notification->condition);
		lttng_evaluation_destroy(notification->evaluation);
		free(notification);
	}
}
166
/*
 * Return the condition referenced by the notification, or NULL when
 * `notification` is NULL. The returned pointer is the one stored in the
 * notification, not a copy.
 */
const struct lttng_condition *lttng_notification_get_condition(
		struct lttng_notification *notification)
{
	if (!notification) {
		return NULL;
	}

	return notification->condition;
}
172
/*
 * Return the evaluation referenced by the notification, or NULL when
 * `notification` is NULL. The returned pointer is the one stored in the
 * notification, not a copy.
 */
const struct lttng_evaluation *lttng_notification_get_evaluation(
		struct lttng_notification *notification)
{
	if (!notification) {
		return NULL;
	}

	return notification->evaluation;
}