Fix: unchecked buffer size for communication header
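--- a/src/common/event-rule/tracepoint.c
+++ b/src/common/event-rule/tracepoint.c
@@ -603,21 +603,16 @@ ssize_t lttng_event_rule_tracepoint_create_from_payload(
                goto end;
        }
 
-       if (view->buffer.size < sizeof(*tracepoint_comm)) {
+       current_buffer_view = lttng_buffer_view_from_view(
+                       &view->buffer, offset, sizeof(*tracepoint_comm));
+       if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
                ERR("Failed to initialize from malformed event rule tracepoint: buffer too short to contain header.");
                ret = -1;
                goto end;
        }
 
-       current_buffer_view = lttng_buffer_view_from_view(
-                       &view->buffer, offset, sizeof(*tracepoint_comm));
        tracepoint_comm = (typeof(tracepoint_comm)) current_buffer_view.data;
 
-       if (!tracepoint_comm) {
-               ret = -1;
-               goto end;
-       }
-
        if (tracepoint_comm->domain_type <= LTTNG_DOMAIN_NONE ||
                        tracepoint_comm->domain_type > LTTNG_DOMAIN_PYTHON) {
                /* Invalid domain value. */
@@ -667,12 +662,13 @@ ssize_t lttng_event_rule_tracepoint_create_from_payload(
        /* Map the pattern. */
        current_buffer_view = lttng_buffer_view_from_view(
                        &view->buffer, offset, tracepoint_comm->pattern_len);
-       pattern = current_buffer_view.data;
-       if (!pattern) {
+
+       if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
                ret = -1;
                goto end;
        }
 
+       pattern = current_buffer_view.data;
        if (!lttng_buffer_view_contains_string(&current_buffer_view, pattern,
                        tracepoint_comm->pattern_len)) {
                ret = -1;
@@ -689,12 +685,12 @@ ssize_t lttng_event_rule_tracepoint_create_from_payload(
        /* Map the filter_expression. */
        current_buffer_view = lttng_buffer_view_from_view(&view->buffer, offset,
                        tracepoint_comm->filter_expression_len);
-       filter_expression = current_buffer_view.data;
-       if (!filter_expression) {
+       if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
                ret = -1;
                goto end;
        }
 
+       filter_expression = current_buffer_view.data;
        if (!lttng_buffer_view_contains_string(&current_buffer_view,
                        filter_expression,
                        tracepoint_comm->filter_expression_len)) {
@@ -709,15 +705,21 @@ skip_filter_expression:
        for (i = 0; i < tracepoint_comm->exclusions_count; i++) {
                current_buffer_view = lttng_buffer_view_from_view(
                                &view->buffer, offset, sizeof(*exclusion_len));
-               exclusion_len = (typeof(exclusion_len)) current_buffer_view.data;
-               if (!exclusion_len) {
+               if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
                        ret = -1;
                        goto end;
                }
 
+               exclusion_len = (typeof(exclusion_len)) current_buffer_view.data;
                offset += sizeof(*exclusion_len);
+
                current_buffer_view = lttng_buffer_view_from_view(
                                &view->buffer, offset, *exclusion_len);
+               if (!lttng_buffer_view_is_valid(&current_buffer_view)) {
+                       ret = -1;
+                       goto end;
+               }
+
                exclusion = current_buffer_view.data;
                if (!lttng_buffer_view_contains_string(&current_buffer_view,
                                exclusion, *exclusion_len)) {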
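Review bot: The four `lttng_buffer_view_is_valid()` failure branches for the pattern, the filter expression, the exclusion length and the exclusion string return `-1` without logging, whereas the header branch in the first hunk reports why the payload was rejected. These lengths are read from the payload itself, so a message naming the field would make a truncated or malformed payload diagnosable, e.g. `ERR("Failed to initialize from malformed event rule tracepoint: buffer too short to contain pattern.");` before `ret = -1;`, and likewise for the other three. Separately, `*exclusion_len` is dereferenced through a pointer cast from `current_buffer_view.data` at an offset that follows variable-length strings, so the read may be unaligned depending on the field's type, which is not visible here; copying the value out with `memcpy` would avoid relying on alignment. The function body starts and ends outside these hunks.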