projects / lttng-tools.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cde3e50) | patch
Fix: forbid session name creation if contains /
authorDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 19:45:08 +0000 (14:45 -0500)
committerDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 20:33:51 +0000 (15:33 -0500)
commit1c1c3634276842a00492e24c3adcf847ae21edc3
treeae693e1f04c6307aef2ceb9c31265962b9f02318tree | snapshot
parentcde3e505b7948c15880114268534d21fb1f10a1ccommit | diff
Fix: forbid session name creation if contains /

This adds a validation function for session name which for now denies
any session name containing '/'.

This is in response of bug #721 that actually uses a path as a session
name such as "test/../session1" which would then be concatenated to the
session path adding a relative path to it making this a serious security
issue.

Because of this issue, this is backported from master up to stable-2.3.

Fixes #721

Signed-off-by: David Goulet <dgoulet@efficios.com>
doc/man/lttng.1 diff | blob | blame | history
include/lttng/lttng-error.h diff | blob | blame | history
src/bin/lttng-sessiond/session.c diff | blob | blame | history
src/common/error.c diff | blob | blame | history
LTTng 2.0 tools and control repository
This page took 0.024782 seconds and 4 git commands to generate.