projects / lttng-tools.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix: unchecked buffer size for communication header
[lttng-tools.git] / src / common / notification.c
diff --git a/src/common/notification.c b/src/common/notification.c
index 806c5561936a985142882636423c7e58c09c2269..c347b3ceac891b60ffc2ecb6a98df84653b857f5 100644 (file)
--- a/src/common/notification.c
+++ b/src/common/notification.c
@@ -10,8 +10,8 @@
 #include <lttng/condition/evaluation-internal.h>
 #include <lttng/condition/condition.h>
 #include <lttng/condition/evaluation.h>
 #include <lttng/condition/evaluation-internal.h>
 #include <lttng/condition/condition.h>
 #include <lttng/condition/evaluation.h>
-#include <common/sessiond-comm/payload.h>
-#include <common/sessiond-comm/payload-view.h>
+#include <common/payload.h>
+#include <common/payload-view.h>
 #include <assert.h>
 
 LTTNG_HIDDEN
 #include <assert.h>
 
 LTTNG_HIDDEN
@@ -78,16 +78,25 @@ ssize_t lttng_notification_create_from_payload(
                struct lttng_notification **notification)
 {
        ssize_t ret, notification_size = 0, condition_size, evaluation_size;
                struct lttng_notification **notification)
 {
        ssize_t ret, notification_size = 0, condition_size, evaluation_size;
-       const struct lttng_notification_comm *notification_comm;
        struct lttng_condition *condition;
        struct lttng_evaluation *evaluation;
        struct lttng_condition *condition;
        struct lttng_evaluation *evaluation;
+       const struct lttng_notification_comm *notification_comm;
+       const struct lttng_payload_view notification_comm_view =
+                       lttng_payload_view_from_view(
+                                       src_view, 0, sizeof(*notification_comm));
 
        if (!src_view || !notification) {
                ret = -1;
                goto end;
        }
 
 
        if (!src_view || !notification) {
                ret = -1;
                goto end;
        }
 
-       notification_comm = (typeof(notification_comm)) src_view->buffer.data;
+       if (!lttng_payload_view_is_valid(&notification_comm_view)) {
+               /* Payload not large enough to contain the header. */
+               ret = -1;
+               goto end;
+       }
+
+       notification_comm = (typeof(notification_comm)) notification_comm_view.buffer.data;
        notification_size += sizeof(*notification_comm);
        {
                /* struct lttng_condition */
        notification_size += sizeof(*notification_comm);
        {
                /* struct lttng_condition */
LTTng 2.0 tools and control repository
This page took 0.023573 seconds and 4 git commands to generate.