Relay protocol: check string lengths

[lttng-tools.git] / src / bin / lttng-relayd / cmd-2-2.c

diff --git a/src/bin/lttng-relayd/cmd-2-2.c b/src/bin/lttng-relayd/cmd-2-2.c
index 7dd99ad5f0dbee10c5c377ec536e93b7ff06b348..4f34d8b66470ba90590e8f895f28e27f607bbc89 100644 (file)
--- a/src/bin/lttng-relayd/cmd-2-2.c
+++ b/src/bin/lttng-relayd/cmd-2-2.c
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2013 - Julien Desfossez <jdesfossez@efficios.com>
  *                      David Goulet <dgoulet@efficios.com>
+ *               2015 - Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License, version 2 only, as
@@ -16,28 +17,32 @@
  * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#define _GNU_SOURCE
 #define _LGPL_SOURCE
 #include <assert.h>
-#include <string.h>
 
 #include <common/common.h>
 #include <common/sessiond-comm/relayd.h>
 
 #include <common/compat/endian.h>
+#include <common/compat/string.h>
+#include <lttng/constant.h>
 
 #include "cmd-generic.h"
 #include "cmd-2-1.h"
 #include "utils.h"
 
+/*
+ * cmd_recv_stream_2_2 allocates path_name and channel_name.
+ */
 int cmd_recv_stream_2_2(struct relay_connection *conn,
-               struct relay_stream *stream)
+               char **ret_path_name, char **ret_channel_name,
+               uint64_t *tracefile_size, uint64_t *tracefile_count)
 {
        int ret;
        struct lttcomm_relayd_add_stream_2_2 stream_info;
-
-       assert(conn);
-       assert(stream);
+       char *path_name = NULL;
+       char *channel_name = NULL;
+       size_t len;
 
        ret = cmd_recv(conn->sock, &stream_info, sizeof(stream_info));
        if (ret < 0) {
@@ -45,24 +50,39 @@ int cmd_recv_stream_2_2(struct relay_connection *conn,
                goto error;
        }
 
-       stream->path_name = create_output_path(stream_info.pathname);
-       if (stream->path_name == NULL) {
+       len = lttng_strnlen(stream_info.pathname, sizeof(stream_info.pathname));
+       /* Ensure that NULL-terminated and fits in local filename length. */
+       if (len == sizeof(stream_info.pathname) || len >= LTTNG_NAME_MAX) {
+               ret = -ENAMETOOLONG;
+               ERR("Path name too long");
+               goto error;
+       }
+       path_name = create_output_path(stream_info.pathname);
+       if (!path_name) {
                PERROR("Path name allocation");
                ret = -ENOMEM;
                goto error;
        }
-
-       stream->channel_name = strdup(stream_info.channel_name);
-       if (stream->channel_name == NULL) {
+       len = lttng_strnlen(stream_info.channel_name, sizeof(stream_info.channel_name));
+       if (len == sizeof(stream_info.channel_name) || len >= DEFAULT_STREAM_NAME_LEN) {
+               ret = -ENAMETOOLONG;
+               ERR("Channel name too long");
+               goto error;
+       }
+       channel_name = strdup(stream_info.channel_name);
+       if (!channel_name) {
                ret = -errno;
-               PERROR("Path name allocation");
+               PERROR("Channel name allocation");
                goto error;
        }
 
-       stream->tracefile_size = be64toh(stream_info.tracefile_size);
-       stream->tracefile_count = be64toh(stream_info.tracefile_count);
-       ret = 0;
-
+       *tracefile_size = be64toh(stream_info.tracefile_size);
+       *tracefile_count = be64toh(stream_info.tracefile_count);
+       *ret_path_name = path_name;
+       *ret_channel_name = channel_name;
+       return 0;
 error:
+       free(path_name);
+       free(channel_name);
        return ret;
 }