Fix: forbid session name creation if contains /
authorDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 19:45:08 +0000 (14:45 -0500)
committerDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 20:33:51 +0000 (15:33 -0500)
commit1c1c3634276842a00492e24c3adcf847ae21edc3
treeae693e1f04c6307aef2ceb9c31265962b9f02318
parentcde3e505b7948c15880114268534d21fb1f10a1c
Fix: forbid session name creation if contains /

This adds a validation function for session name which for now denies
any session name containing '/'.

This is in response of bug #721 that actually uses a path as a session
name such as "test/../session1" which would then be concatenated to the
session path adding a relative path to it making this a serious security
issue.

Because of this issue, this is backported from master up to stable-2.3.

Fixes #721

Signed-off-by: David Goulet <dgoulet@efficios.com>
doc/man/lttng.1
include/lttng/lttng-error.h
src/bin/lttng-sessiond/session.c
src/common/error.c
This page took 0.034453 seconds and 4 git commands to generate.