projects
/
lttng-tools.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: unchecked buffer size for communication header
[lttng-tools.git]
/
src
/
common
/
trigger.c
diff --git
a/src/common/trigger.c
b/src/common/trigger.c
index 26997fd1f21da68796f6a45e8d25633c8ed6d398..785fce3fcf0271e66a3d11a2777905dba3bd04fc 100644
(file)
--- a/
src/common/trigger.c
+++ b/
src/common/trigger.c
@@
-140,14
+140,23
@@
ssize_t lttng_trigger_create_from_payload(
.uid = LTTNG_OPTIONAL_INIT_UNSET,
.gid = LTTNG_OPTIONAL_INIT_UNSET,
};
.uid = LTTNG_OPTIONAL_INIT_UNSET,
.gid = LTTNG_OPTIONAL_INIT_UNSET,
};
+ const struct lttng_payload_view trigger_comm_view =
+ lttng_payload_view_from_view(
+ src_view, 0, sizeof(*trigger_comm));
if (!src_view || !trigger) {
ret = -1;
goto end;
}
if (!src_view || !trigger) {
ret = -1;
goto end;
}
+ if (!lttng_payload_view_is_valid(&trigger_comm_view)) {
+ /* Payload not large enough to contain the header. */
+ ret = -1;
+ goto end;
+ }
+
/* lttng_trigger_comm header */
/* lttng_trigger_comm header */
- trigger_comm = (typeof(trigger_comm))
src_view->
buffer.data;
+ trigger_comm = (typeof(trigger_comm))
trigger_comm_view.
buffer.data;
/* Set the trigger's creds. */
if (trigger_comm->uid > (uint64_t) ((uid_t) -1)) {
/* Set the trigger's creds. */
if (trigger_comm->uid > (uint64_t) ((uid_t) -1)) {
@@
-164,7
+173,13
@@
ssize_t lttng_trigger_create_from_payload(
/* Name. */
const struct lttng_payload_view name_view =
lttng_payload_view_from_view(
/* Name. */
const struct lttng_payload_view name_view =
lttng_payload_view_from_view(
- src_view, offset, trigger_comm->name_length);
+ src_view, offset,
+ trigger_comm->name_length);
+
+ if (!lttng_payload_view_is_valid(&name_view)) {
+ ret = -1;
+ goto end;
+ }
name = name_view.buffer.data;
if (!lttng_buffer_view_contains_string(&name_view.buffer, name,
name = name_view.buffer.data;
if (!lttng_buffer_view_contains_string(&name_view.buffer, name,
This page took
0.023479 seconds
and
4
git commands to generate.