Fix: unchecked buffer size for communication header
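diff --git a/src/common/session-consumed-size.c b/src/common/session-consumed-size.c
index 046107343cfd9c517266dc220d25513d7b725376..e147d1e5ffcf0536d8e7b32595b39ce9be0f042e 100644
--- a/src/common/session-consumed-size.c
+++ b/src/common/session-consumed-size.c
@@ -161,19 +161,21 @@ ssize_t init_condition_from_payload(struct lttng_condition *condition,
 {
 	ssize_t ret, condition_size;
 	enum lttng_condition_status status;
-	const struct lttng_condition_session_consumed_size_comm *condition_comm;
 	const char *session_name;
-	struct lttng_buffer_view names_view;
+	struct lttng_buffer_view session_name_view;
+	const struct lttng_condition_session_consumed_size_comm *condition_comm;
+	struct lttng_payload_view condition_comm_view = lttng_payload_view_from_view(
+			src_view, 0, sizeof(*condition_comm));
-	if (src_view->buffer.size < sizeof(*condition_comm)) {
+	if (!lttng_payload_view_is_valid(&condition_comm_view)) {
 		ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
 		ret = -1;
 		goto end;
 	}
-	condition_comm = (typeof(condition_comm)) src_view->buffer.data;
-	names_view = lttng_buffer_view_from_view(&src_view->buffer,
-			sizeof(*condition_comm), -1);
+	condition_comm = (typeof(condition_comm)) condition_comm_view.buffer.data;
+	session_name_view = lttng_buffer_view_from_view(&src_view->buffer,
+			sizeof(*condition_comm), condition_comm->session_name_len);
 	if (condition_comm->session_name_len > LTTNG_NAME_MAX) {
 		ERR("Failed to initialize from malformed condition buffer: name exceeds LTTNG_MAX_NAME");
@@ -181,7 +183,7 @@ ssize_t init_condition_from_payload(struct lttng_condition *condition,
 		goto end;
 	}
-	if (names_view.size < condition_comm->session_name_len) {
+	if (!lttng_buffer_view_is_valid(&session_name_view)) {
 		ERR("Failed to initialize from malformed condition buffer: buffer too short to contain element names");
 		ret = -1;
 		goto end;
@@ -195,7 +197,7 @@ ssize_t init_condition_from_payload(struct lttng_condition *condition,
 		goto end;
 	}
-	session_name = names_view.data;
+	session_name = session_name_view.data;
 	if (*(session_name + condition_comm->session_name_len - 1) != '\0') {
 		ERR("Malformed session name encountered in condition buffer");
 		ret = -1;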
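Review bot: The terminator check in the last hunk, `*(session_name + condition_comm->session_name_len - 1) != '\0'`, assumes `session_name_len` is at least 1, but the visible checks only bound it from above (`> LTTNG_NAME_MAX`) and otherwise rely on `lttng_buffer_view_is_valid()` rejecting an empty view, and that helper is not shown on this page. If it accepts a zero-length view, a header carrying `session_name_len == 0` would make the check read the byte just before the name. An explicit guard keeps the parser independent of the helper's behaviour, for example `if (condition_comm->session_name_len == 0 || condition_comm->session_name_len > LTTNG_NAME_MAX) {`. The body of init_condition_from_payload starts and ends outside these hunks, so such a check may already exist out of view.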