X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=blobdiff_plain;f=src%2Fbin%2Flttng-relayd%2Fcmd-2-11.c;h=cd23f22d6f3405bcf9913db0c4d97dff7b6736dc;hp=c513130ab6fa40709a95151c885a9479cac80d87;hb=3e6e0df2f8f9f23d252c2508b6d741916dfcc4b3;hpb=6fa5fe7cc78bea0b0bba154a0f911d3df530e18f diff --git a/src/bin/lttng-relayd/cmd-2-11.c b/src/bin/lttng-relayd/cmd-2-11.c index c513130ab..cd23f22d6 100644 --- a/src/bin/lttng-relayd/cmd-2-11.c +++ b/src/bin/lttng-relayd/cmd-2-11.c @@ -1,18 +1,8 @@ /* - * Copyright (C) 2018 - Jonathan Rajotte + * Copyright (C) 2018 Jonathan Rajotte * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License, version 2 only, as - * published by the Free Software Foundation. + * SPDX-License-Identifier: GPL-2.0-only * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 51 - * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #define _LGPL_SOURCE @@ -34,7 +24,8 @@ int cmd_create_session_2_11(const struct lttng_buffer_view *payload, uint32_t *live_timer, bool *snapshot, uint64_t *id_sessiond, lttng_uuid sessiond_uuid, bool *has_current_chunk, uint64_t *current_chunk_id, - time_t *creation_time) + time_t *creation_time, + bool *session_name_contains_creation_time) { int ret; struct lttcomm_relayd_create_session_2_11 header; 
@@ -77,6 +68,10 @@ int cmd_create_session_2_11(const struct lttng_buffer_view *payload, ret = -ENAMETOOLONG; ERR("Length of session name (%" PRIu32 " bytes) received in create_session command exceeds maximum length (%d bytes)", header.session_name_len, LTTNG_NAME_MAX); goto error; + } else if (header.session_name_len == 0) { + ret = -EINVAL; + ERR("Illegal session name length of 0 received"); + goto error; } if (header.hostname_len > LTTNG_HOST_NAME_MAX) { ret = -ENAMETOOLONG; @@ -92,12 +87,29 @@ int cmd_create_session_2_11(const struct lttng_buffer_view *payload, offset = header_len; session_name_view = lttng_buffer_view_from_view(payload, offset, header.session_name_len); + if (!lttng_buffer_view_is_valid(&session_name_view)) { + ERR("Invalid payload in \"cmd_create_session_2_11\": buffer too short to contain session name"); + ret = -1; + goto error; + } + offset += header.session_name_len; hostname_view = lttng_buffer_view_from_view(payload, offset, header.hostname_len); + if (!lttng_buffer_view_is_valid(&hostname_view)) { + ERR("Invalid payload in \"cmd_create_session_2_11\": buffer too short to contain hostname"); + ret = -1; + goto error; + } + offset += header.hostname_len; base_path_view = lttng_buffer_view_from_view(payload, offset, header.base_path_len); + if (header.base_path_len > 0 && !lttng_buffer_view_is_valid(&base_path_view)) { + ERR("Invalid payload in \"cmd_create_session_2_11\": buffer too short to contain base path"); + ret = -1; + goto error; + } /* Validate that names are NULL terminated. */ if (session_name_view.data[session_name_view.size - 1] != '\0') { @@ -132,6 +144,8 @@ int cmd_create_session_2_11(const struct lttng_buffer_view *payload, *current_chunk_id = header.current_chunk_id.value; *has_current_chunk = header.current_chunk_id.is_set; *creation_time = (time_t) header.creation_time; + *session_name_contains_creation_time = + header.session_name_contains_creation_time; ret = 0; 
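Review bot: The zero-length rejection added after the `session_name_len > LTTNG_NAME_MAX` branch has no counterpart for `hostname_len`, whose only visible check is the upper bound. A zero `hostname_len` then appears to be caught only later by `lttng_buffer_view_is_valid()`, which would log it as "buffer too short to contain hostname" instead of as an illegal length. That is inferred from the `base_path_len > 0` special case in the next hunk, so confirm it against the helper. Consider `else if (header.hostname_len == 0) { ret = -EINVAL; goto error; }` with a matching `ERR()` on the hostname branch, so both peer-supplied lengths are rejected the same way before any view is built. The function body starts and ends outside this hunk.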
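Review bot: The base path view is intentionally left unvalidated when `header.base_path_len` is 0, so a later unguarded `base_path_view.data[base_path_view.size - 1]` would read out of bounds. Only the session-name termination check is visible here and the rest continues outside the hunk, so please confirm the base-path check is guarded with `base_path_view.size != 0`. Separately, the three new failure paths set `ret = -1` while the length checks just above return `-ENAMETOOLONG` and `-EINVAL`. Using `ret = -EINVAL;` would keep the error convention uniform for callers.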
@@ -193,9 +207,12 @@ int cmd_recv_stream_2_11(const struct lttng_buffer_view *payload, /* Validate that names are (NULL terminated. */ channel_name_view = lttng_buffer_view_from_view(payload, header_len, - header.channel_name_len); - pathname_view = lttng_buffer_view_from_view(payload, - header_len + header.channel_name_len, header.pathname_len); + header.channel_name_len); + if (!lttng_buffer_view_is_valid(&channel_name_view)) { + ERR("Invalid payload received in \"cmd_recv_stream_2_11\": buffer too short for channel name"); + ret = -1; + goto error; + } if (channel_name_view.data[channel_name_view.size - 1] != '\0') { ERR("cmd_recv_stream_2_11 channel_name is invalid (not NULL terminated)"); @@ -203,6 +220,14 @@ int cmd_recv_stream_2_11(const struct lttng_buffer_view *payload, goto error; } + pathname_view = lttng_buffer_view_from_view(payload, + header_len + header.channel_name_len, header.pathname_len); + if (!lttng_buffer_view_is_valid(&pathname_view)) { + ERR("Invalid payload received in \"cmd_recv_stream_2_11\": buffer too short for path name"); + ret = -1; + goto error; + } + if (pathname_view.data[pathname_view.size - 1] != '\0') { ERR("cmd_recv_stream_2_11 patname is invalid (not NULL terminated)"); ret = -1;
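Review bot: The context comment `/* Validate that names are (NULL terminated. */` now sits above the new buffer-length check rather than the termination test it describes, and it carries a stray `(`. Suggest moving it below the added `lttng_buffer_view_is_valid()` block as `/* Validate that names are NUL terminated. */`, and putting `/* Reject payloads too short to hold the channel name. */` above the new check. Whether `header.channel_name_len` and `header.pathname_len` are bounded before the views are built cannot be seen here, because the function starts outside the hunk.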
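Review bot: The error string right after the added block still reads `patname`, which makes it hard to grep alongside the new "path name" message. Since the commit touches the surrounding lines, change it to `ERR("cmd_recv_stream_2_11 pathname is invalid (not NULL terminated)");`. The new messages also differ between the two functions ("Invalid payload received in" here, "Invalid payload in" in cmd_create_session_2_11). A single wording, ideally built from `__func__`, would keep the relay daemon's rejection logs consistent for anyone triaging malformed payloads. The function body ends outside this hunk.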