Fix: illegal memory access in cmd_snapshot_list_outputs
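--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -758,12 +758,15 @@ static int add_uri_to_consumer(struct consumer_output *consumer,
  DBG2("Setting trace directory path from URI to %s", uri->dst.path);
  memset(consumer->dst.trace_path, 0,
  sizeof(consumer->dst.trace_path));
- strncpy(consumer->dst.trace_path, uri->dst.path,
- sizeof(consumer->dst.trace_path));
+ /* Explicit length checks for strcpy and strcat. */
+ if (strlen(uri->dst.path) + strlen(default_trace_dir)
+ >= sizeof(consumer->dst.trace_path)) {
+ ret = LTTNG_ERR_FATAL;
+ goto error;
+ }
+ strcpy(consumer->dst.trace_path, uri->dst.path);
  /* Append default trace dir */
- strncat(consumer->dst.trace_path, default_trace_dir,
- sizeof(consumer->dst.trace_path) -
- strlen(consumer->dst.trace_path) - 1);
+ strcat(consumer->dst.trace_path, default_trace_dir);
  /* Flag consumer as local. */
  consumer->type = CONSUMER_DST_LOCAL;
  break;
@@ -1810,7 +1813,7 @@ static int _cmd_enable_event(struct ltt_session *session,
  int wpipe, bool internal_event)
  {
  int ret, channel_created = 0;
- struct lttng_channel *attr;
+ struct lttng_channel *attr = NULL;
  assert(session);
  assert(event);
@@ -1853,15 +1856,16 @@ static int _cmd_enable_event(struct ltt_session *session,
  ret = LTTNG_ERR_FATAL;
  goto error;
  }
- strncpy(attr->name, channel_name, sizeof(attr->name));
+ if (lttng_strncpy(attr->name, channel_name,
+ sizeof(attr->name))) {
+ ret = LTTNG_ERR_INVALID;
+ goto error;
+ }
  ret = cmd_enable_channel(session, domain, attr, wpipe);
  if (ret != LTTNG_OK) {
- free(attr);
  goto error;
  }
- free(attr);
-
  channel_created = 1;
  }
@@ -1990,14 +1994,16 @@ static int _cmd_enable_event(struct ltt_session *session,
  ret = LTTNG_ERR_FATAL;
  goto error;
  }
- strncpy(attr->name, channel_name, sizeof(attr->name));
+ if (lttng_strncpy(attr->name, channel_name,
+ sizeof(attr->name))) {
+ ret = LTTNG_ERR_INVALID;
+ goto error;
+ }
  ret = cmd_enable_channel(session, domain, attr, wpipe);
  if (ret != LTTNG_OK) {
- free(attr);
  goto error;
  }
- free(attr);
  /* Get the newly created channel reference back */
  uchan = trace_ust_find_channel_by_name(
@@ -2172,6 +2178,7 @@ error:
  free(filter_expression);
  free(filter);
  free(exclusion);
+ free(attr);
  rcu_read_unlock();
  return ret;
  }
@@ -3349,10 +3356,18 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
  assert(output->consumer);
  list[idx].id = output->id;
  list[idx].max_size = output->max_size;
- strncpy(list[idx].name, output->name, sizeof(list[idx].name));
+ if (lttng_strncpy(list[idx].name, output->name,
+ sizeof(list[idx].name))) {
+ ret = -LTTNG_ERR_INVALID;
+ goto error;
+ }
  if (output->consumer->type == CONSUMER_DST_LOCAL) {
- strncpy(list[idx].ctrl_url, output->consumer->dst.trace_path,
- sizeof(list[idx].ctrl_url));
+ if (lttng_strncpy(list[idx].ctrl_url,
+ output->consumer->dst.trace_path,
+ sizeof(list[idx].ctrl_url))) {
+ ret = -LTTNG_ERR_INVALID;
+ goto error;
+ }
  } else {
  /* Control URI. */
  ret = uri_to_str_url(&output->consumer->dst.net.control,
@@ -3593,13 +3608,6 @@ static int record_kernel_snapshot(struct ltt_kernel_session *ksess,
  assert(output);
  assert(session);
- /* Get the datetime for the snapshot output directory. */
- ret = utils_get_current_time_str("%Y%m%d-%H%M%S", output->datetime,
- sizeof(output->datetime));
- if (!ret) {
- ret = LTTNG_ERR_INVALID;
- goto error;
- }
  /*
  * Copy kernel session sockets so we can communicate with the right
@@ -3647,14 +3655,6 @@ static int record_ust_snapshot(struct ltt_ust_session *usess,
  assert(output);
  assert(session);
- /* Get the datetime for the snapshot output directory. */
- ret = utils_get_current_time_str("%Y%m%d-%H%M%S", output->datetime,
- sizeof(output->datetime));
- if (!ret) {
- ret = LTTNG_ERR_INVALID;
- goto error;
- }
-
  /*
  * Copy UST session sockets so we can communicate with the right
  * consumer for the snapshot record command.
@@ -3676,9 +3676,6 @@ static int record_ust_snapshot(struct ltt_ust_session *usess,
  case EINVAL:
  ret = LTTNG_ERR_INVALID;
  break;
- case ENODATA:
- ret = LTTNG_ERR_SNAPSHOT_NODATA;
- break;
  default:
  ret = LTTNG_ERR_SNAPSHOT_FAIL;
  break;
@@ -3796,12 +3793,21 @@ int cmd_snapshot_record(struct ltt_session *session,
  unsigned int use_tmp_output = 0;
  struct snapshot_output tmp_output;
  unsigned int snapshot_success = 0;
+ char datetime[16];
  assert(session);
  assert(output);
  DBG("Cmd snapshot record for session %s", session->name);
+ /* Get the datetime for the snapshot output directory. */
+ ret = utils_get_current_time_str("%Y%m%d-%H%M%S", datetime,
+ sizeof(datetime));
+ if (!ret) {
+ ret = LTTNG_ERR_INVALID;
+ goto error;
+ }
+
  /*
  * Permission denied to create an output if the session is not
  * set in no output mode.
@@ -3832,6 +3838,9 @@ int cmd_snapshot_record(struct ltt_session *session,
  }
  /* Use the global session count for the temporary snapshot. */
  tmp_output.nb_snapshot = session->snapshot.nb_snapshot;
+
+ /* Use the global datetime */
+ memcpy(tmp_output.datetime, datetime, sizeof(datetime));
  use_tmp_output = 1;
  }
@@ -3899,6 +3908,7 @@ int cmd_snapshot_record(struct ltt_session *session,
  }
  tmp_output.nb_snapshot = session->snapshot.nb_snapshot;
+ memcpy(tmp_output.datetime, datetime, sizeof(datetime));
  if (session->kernel_session) {
  ret = record_kernel_snapshot(session->kernel_session,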
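Review bot: In cmd_snapshot_record, both new `memcpy(tmp_output.datetime, datetime, sizeof(datetime));` calls (the hunks at +3838 and +3908) are sized by the source buffer, so they stay in bounds only if the `datetime` field of struct snapshot_output is at least 16 bytes, and that declaration is not part of this diff. Tying the local to the field removes the duplicated constant, `char datetime[sizeof(tmp_output.datetime)];`, or the copy can go through the helper this commit already uses elsewhere, `if (lttng_strncpy(tmp_output.datetime, datetime, sizeof(tmp_output.datetime))) { ret = LTTNG_ERR_INVALID; goto error; }`. The format "%Y%m%d-%H%M%S" produces 15 characters plus the terminator, so 16 is exact with no slack; a short comment on the declaration saying so would help the next reader. The function body starts and ends outside these hunks, so whether the new early `goto error` reaches a label that is safe before any lock or allocation is taken cannot be confirmed from here.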