Fix: scanf unbounded input

[lttng-tools.git] / src / bin / lttng / conf.c

diff --git a/src/bin/lttng/conf.c b/src/bin/lttng/conf.c
index b6632fcb144c052fa0ef4a9652843a074abd64c7..55ed6352663e8f71dd2f496bf48cf5696d586bec 100644 (file)
--- a/src/bin/lttng/conf.c
+++ b/src/bin/lttng/conf.c
@@ -25,6 +25,7 @@
 #include <unistd.h>
 
 #include <common/error.h>
+#include <common/utils.h>
 
 #include "conf.h"
 
@@ -122,14 +123,6 @@ end:
        return ret;
 }
 
-/*
- * Returns the HOME directory path. Caller MUST NOT free(3) the return pointer.
- */
-char *config_get_default_path(void)
-{
-       return getenv("HOME");
-}
-
 /*
  * Destroys directory config and file config.
  */
@@ -161,7 +154,7 @@ end:
  */
 void config_destroy_default(void)
 {
-       char *path = config_get_default_path();
+       char *path = utils_get_home_dir();
        if (path == NULL) {
                return;
        }
@@ -193,6 +186,9 @@ char *config_read_session_name(char *path)
        int ret;
        FILE *fp;
        char var[NAME_MAX], *session_name;
+#if (NAME_MAX == 255)
+#define NAME_MAX_SCANF_IS_A_BROKEN_API "254"
+#endif
 
        session_name = malloc(NAME_MAX);
        if (session_name == NULL) {
@@ -209,7 +205,9 @@ char *config_read_session_name(char *path)
        }
 
        while (!feof(fp)) {
-               if ((ret = fscanf(fp, "%[^'=']=%s\n", var, session_name)) != 2) {
+               if ((ret = fscanf(fp, "%" NAME_MAX_SCANF_IS_A_BROKEN_API
+                               "[^'=']=%" NAME_MAX_SCANF_IS_A_BROKEN_API "s\n",
+                               var, session_name)) != 2) {
                        if (ret == -1) {
                                ERR("Missing session=NAME in config file.");
                                goto error_close;
@@ -277,7 +275,7 @@ int config_init(char *session_name)
        int ret;
        char *path;
 
-       path = config_get_default_path();
+       path = utils_get_home_dir();
        if (path == NULL) {
                ret = -1;
                goto error;