projects
/
lttng-tools.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: unchecked buffer size for communication header
[lttng-tools.git]
/
src
/
common
/
session-consumed-size.c
diff --git
a/src/common/session-consumed-size.c
b/src/common/session-consumed-size.c
index dfb72632e26fed863c7463848b354655f3327498..e147d1e5ffcf0536d8e7b32595b39ce9be0f042e 100644
(file)
--- a/
src/common/session-consumed-size.c
+++ b/
src/common/session-consumed-size.c
@@
-65,7
+65,7
@@
end:
static
int lttng_condition_session_consumed_size_serialize(
const struct lttng_condition *condition,
static
int lttng_condition_session_consumed_size_serialize(
const struct lttng_condition *condition,
- struct lttng_
dynamic_buffer *buf
)
+ struct lttng_
payload *payload
)
{
int ret;
size_t session_name_len;
{
int ret;
size_t session_name_len;
@@
-92,12
+92,13
@@
int lttng_condition_session_consumed_size_serialize(
consumed->consumed_threshold_bytes.value;
consumed_comm.session_name_len = (uint32_t) session_name_len;
consumed->consumed_threshold_bytes.value;
consumed_comm.session_name_len = (uint32_t) session_name_len;
- ret = lttng_dynamic_buffer_append(
buf
, &consumed_comm,
+ ret = lttng_dynamic_buffer_append(
&payload->buffer
, &consumed_comm,
sizeof(consumed_comm));
if (ret) {
goto end;
}
sizeof(consumed_comm));
if (ret) {
goto end;
}
- ret = lttng_dynamic_buffer_append(buf, consumed->session_name,
+
+ ret = lttng_dynamic_buffer_append(&payload->buffer, consumed->session_name,
session_name_len);
if (ret) {
goto end;
session_name_len);
if (ret) {
goto end;
@@
-155,24
+156,26
@@
struct lttng_condition *lttng_condition_session_consumed_size_create(void)
}
static
}
static
-ssize_t init_condition_from_
buffer
(struct lttng_condition *condition,
-
const struct lttng_buffer
_view *src_view)
+ssize_t init_condition_from_
payload
(struct lttng_condition *condition,
+
struct lttng_payload
_view *src_view)
{
ssize_t ret, condition_size;
enum lttng_condition_status status;
{
ssize_t ret, condition_size;
enum lttng_condition_status status;
- const struct lttng_condition_session_consumed_size_comm *condition_comm;
const char *session_name;
const char *session_name;
- struct lttng_buffer_view names_view;
+ struct lttng_buffer_view session_name_view;
+ const struct lttng_condition_session_consumed_size_comm *condition_comm;
+ struct lttng_payload_view condition_comm_view = lttng_payload_view_from_view(
+ src_view, 0, sizeof(*condition_comm));
- if (
src_view->size < sizeof(*condition_comm
)) {
+ if (
!lttng_payload_view_is_valid(&condition_comm_view
)) {
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
}
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
}
- condition_comm = (
const struct lttng_condition_session_consumed_size_comm *) src_view->
data;
-
names_view = lttng_buffer_view_from_view(src_view
,
- sizeof(*condition_comm),
-1
);
+ condition_comm = (
typeof(condition_comm)) condition_comm_view.buffer.
data;
+
session_name_view = lttng_buffer_view_from_view(&src_view->buffer
,
+ sizeof(*condition_comm),
condition_comm->session_name_len
);
if (condition_comm->session_name_len > LTTNG_NAME_MAX) {
ERR("Failed to initialize from malformed condition buffer: name exceeds LTTNG_MAX_NAME");
if (condition_comm->session_name_len > LTTNG_NAME_MAX) {
ERR("Failed to initialize from malformed condition buffer: name exceeds LTTNG_MAX_NAME");
@@
-180,7
+183,7
@@
ssize_t init_condition_from_buffer(struct lttng_condition *condition,
goto end;
}
goto end;
}
- if (
names_view.size < condition_comm->session_name_len
) {
+ if (
!lttng_buffer_view_is_valid(&session_name_view)
) {
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain element names");
ret = -1;
goto end;
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain element names");
ret = -1;
goto end;
@@
-194,7
+197,7
@@
ssize_t init_condition_from_buffer(struct lttng_condition *condition,
goto end;
}
goto end;
}
- session_name =
names
_view.data;
+ session_name =
session_name
_view.data;
if (*(session_name + condition_comm->session_name_len - 1) != '\0') {
ERR("Malformed session name encountered in condition buffer");
ret = -1;
if (*(session_name + condition_comm->session_name_len - 1) != '\0') {
ERR("Malformed session name encountered in condition buffer");
ret = -1;
@@
-222,8
+225,8
@@
end:
}
LTTNG_HIDDEN
}
LTTNG_HIDDEN
-ssize_t lttng_condition_session_consumed_size_create_from_
buffer
(
-
const struct lttng_buffer
_view *view,
+ssize_t lttng_condition_session_consumed_size_create_from_
payload
(
+
struct lttng_payload
_view *view,
struct lttng_condition **_condition)
{
ssize_t ret;
struct lttng_condition **_condition)
{
ssize_t ret;
@@
-235,7
+238,7
@@
ssize_t lttng_condition_session_consumed_size_create_from_buffer(
goto error;
}
goto error;
}
- ret = init_condition_from_
buffer
(condition, view);
+ ret = init_condition_from_
payload
(condition, view);
if (ret < 0) {
goto error;
}
if (ret < 0) {
goto error;
}
@@
-248,14
+251,14
@@
error:
}
static
}
static
-struct lttng_evaluation *create_evaluation_from_
buffer
(
- const struct lttng_
buffer
_view *view)
+struct lttng_evaluation *create_evaluation_from_
payload
(
+ const struct lttng_
payload
_view *view)
{
const struct lttng_evaluation_session_consumed_size_comm *comm =
{
const struct lttng_evaluation_session_consumed_size_comm *comm =
- (
const struct lttng_evaluation_session_consumed_size_comm *) view->
data;
+ (
typeof(comm)) view->buffer.
data;
struct lttng_evaluation *evaluation = NULL;
struct lttng_evaluation *evaluation = NULL;
- if (view->size < sizeof(*comm)) {
+ if (view->
buffer.
size < sizeof(*comm)) {
goto end;
}
goto end;
}
@@
-266,8
+269,8
@@
end:
}
LTTNG_HIDDEN
}
LTTNG_HIDDEN
-ssize_t lttng_evaluation_session_consumed_size_create_from_
buffer
(
-
const struct lttng_buffer
_view *view,
+ssize_t lttng_evaluation_session_consumed_size_create_from_
payload
(
+
struct lttng_payload
_view *view,
struct lttng_evaluation **_evaluation)
{
ssize_t ret;
struct lttng_evaluation **_evaluation)
{
ssize_t ret;
@@
-278,7
+281,7
@@
ssize_t lttng_evaluation_session_consumed_size_create_from_buffer(
goto error;
}
goto error;
}
- evaluation = create_evaluation_from_
buffer
(view);
+ evaluation = create_evaluation_from_
payload
(view);
if (!evaluation) {
ret = -1;
goto error;
if (!evaluation) {
ret = -1;
goto error;
@@
-393,15
+396,16
@@
end:
static
int lttng_evaluation_session_consumed_size_serialize(
const struct lttng_evaluation *evaluation,
static
int lttng_evaluation_session_consumed_size_serialize(
const struct lttng_evaluation *evaluation,
- struct lttng_
dynamic_buffer *buf
)
+ struct lttng_
payload *payload
)
{
struct lttng_evaluation_session_consumed_size *consumed;
struct lttng_evaluation_session_consumed_size_comm comm;
{
struct lttng_evaluation_session_consumed_size *consumed;
struct lttng_evaluation_session_consumed_size_comm comm;
- consumed = container_of(evaluation,
struct lttng_evaluation_session_consumed_size,
- parent);
+ consumed = container_of(evaluation,
+
struct lttng_evaluation_session_consumed_size,
parent);
comm.session_consumed = consumed->session_consumed;
comm.session_consumed = consumed->session_consumed;
- return lttng_dynamic_buffer_append(buf, &comm, sizeof(comm));
+ return lttng_dynamic_buffer_append(
+ &payload->buffer, &comm, sizeof(comm));
}
static
}
static
This page took
0.02577 seconds
and
4
git commands to generate.