projects / lttng-tools.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix: unchecked buffer size for communication header
[lttng-tools.git] / src / lib / lttng-ctl / lttng-ctl.c
diff --git a/src/lib/lttng-ctl/lttng-ctl.c b/src/lib/lttng-ctl/lttng-ctl.c
index 784597e20ef3188373dc898fe9a45976381ccbbf..001abffcd925705fbcee43a613ed055e2cea50c7 100644 (file)
--- a/src/lib/lttng-ctl/lttng-ctl.c
+++ b/src/lib/lttng-ctl/lttng-ctl.c
@@ -2243,7 +2243,7 @@ int lttng_list_events(struct lttng_handle *handle,
 
        cmd_header_view = lttng_buffer_view_from_dynamic_buffer(
                &payload.buffer, 0, sizeof(*cmd_header));
-       if (!cmd_header_view.data) {
+       if (!lttng_buffer_view_is_valid(&cmd_header_view)) {
                ret = -LTTNG_ERR_INVALID_PROTOCOL;
                goto end;
        }
@@ -2310,6 +2310,11 @@ int lttng_list_events(struct lttng_handle *handle,
                                                                payload_view.buffer.data,
                                                ext_comm->userspace_probe_location_len);
 
+                               if (!lttng_payload_view_is_valid(&probe_location_view)) {
+                                       ret = -LTTNG_ERR_PROBE_LOCATION_INVAL;
+                                       goto end;
+                               }
+
                                /*
                                 * Create a temporary userspace probe location
                                 * to determine the size needed by a "flattened"
@@ -2449,6 +2454,11 @@ int lttng_list_events(struct lttng_handle *handle,
                                                                payload_copy_view.buffer.data,
                                                ext_comm->userspace_probe_location_len);
 
+                               if (!lttng_payload_view_is_valid(&probe_location_view)) {
+                                       ret = -LTTNG_ERR_PROBE_LOCATION_INVAL;
+                                       goto free_dynamic_buffer;
+                               }
+
                                ret = lttng_userspace_probe_location_create_from_payload(
                                                &probe_location_view,
                                                &probe_location);
LTTng 2.0 tools and control repository
This page took 0.023317 seconds and 4 git commands to generate.