X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=blobdiff_plain;f=src%2Fbin%2Flttng-relayd%2Fsession.c;h=1a1cadfdfa1ba3829efe46f217b014fa4983e511;hp=df6bc102ae19d434464c636d815959ff65bbe924;hb=53eb691c0c1d42e5b3f70697d8295ca4014e1dbc;hpb=cbf53d23cecaca9c6ec71582663c4a8254a9f285

diff --git a/src/bin/lttng-relayd/session.c b/src/bin/lttng-relayd/session.c
index df6bc102a..1a1cadfdf 100644
--- a/src/bin/lttng-relayd/session.c
+++ b/src/bin/lttng-relayd/session.c
@@ -23,6 +23,7 @@
 #include <common/time.h>
 #include <common/utils.h>
 #include <common/uuid.h>
+#include <common/compat/path.h>
 #include <urcu/rculist.h>
 
 #include <sys/stat.h>
@@ -217,6 +218,37 @@ end:
 	return ret;
 }
 
+/*
+ * Check if a name is safe to use in a path.
+ *
+ * A name that is deemed "path-safe":
+ *   - Does not contains a path separator (/ or \, platform dependant),
+ *   - Does not start with a '.' (hidden file/folder),
+ *   - Is not empty.
+ */
+static bool is_name_path_safe(const char *name)
+{
+	const size_t name_len = strlen(name);
+
+	/* Not empty. */
+	if (name_len == 0) {
+		WARN("An empty name is not allowed to be used in a path");
+		return false;
+	}
+	/* Does not start with '.'. */
+	if (name[0] == '.') {
+		WARN("Name \"%s\" is not allowed to be used in a path since it starts with '.'", name);
+		return false;
+	}
+	/* Does not contain a path-separator. */
+	if (strchr(name, LTTNG_PATH_SEPARATOR)) {
+		WARN("Name \"%s\" is not allowed to be used in a path since it contains a path separator", name);
+		return false;
+	}
+
+	return true;
+}
+
 /*
  * Create a new session by assigning a new session ID.
  *
@@ -241,9 +273,12 @@ struct relay_session *session_create(const char *session_name,
 	assert(hostname);
 	assert(base_path);
 
-	if (strstr(session_name, ".")) {
-		ERR("Illegal character in session name: \"%s\"",
-				session_name);
+	if (!is_name_path_safe(session_name)) {
+		ERR("Refusing to create session as the provided session name is not path-safe");
+		goto error;
+	}
+	if (!is_name_path_safe(hostname)) {
+		ERR("Refusing to create session as the provided hostname is not path-safe");
 		goto error;
 	}
 	if (strstr(base_path, "../")) {
@@ -251,11 +286,6 @@ struct relay_session *session_create(const char *session_name,
 				base_path);
 		goto error;
 	}
-	if (strstr(hostname, ".")) {
-		ERR("Invalid character in hostname: \"%s\"",
-				hostname);
-		goto error;
-	}
 
 	session = zmalloc(sizeof(*session));
 	if (!session) {
@@ -336,6 +366,7 @@ struct relay_session *session_create(const char *session_name,
 			ERR("Could not find trace chunk: sessiond = {%s}, sessiond session id = %" PRIu64 ", trace chunk id = %" PRIu64,
 					uuid_str, *id_sessiond,
 					*current_chunk_id);
+			goto error;
                 }
 	} else if (!id_sessiond) {
 		/*