Fix: forbid session name creation if contains /

This adds a validation function for session name which for now denies
any session name containing '/'.

This is in response of bug #721 that actually uses a path as a session
name such as "test/../session1" which would then be concatenated to the
session path adding a relative path to it making this a serious security
issue.

Because of this issue, this is backported from master up to stable-2.3.

Fixes #721

Signed-off-by: David Goulet <dgoulet@efficios.com>

diff --git a/doc/man/lttng.1 b/doc/man/lttng.1
index cef16fa7e43249038ce9331d8278f62e94c5c216..ee0ce2bf2221f24ed67936ea5e626bad61618f09 100644 (file)
--- a/doc/man/lttng.1
+++ b/doc/man/lttng.1
@@ -233,6 +233,8 @@ The $HOME environment variable can be overridden by defining the environment
 variable LTTNG_HOME. This is useful when the user running the commands has
 a non-writeable home directory.
 
+The session name MUST NOT contain the character '/'.
+
 .B OPTIONS:
 
 .TP

diff --git a/include/lttng/lttng-error.h b/include/lttng/lttng-error.h
index 93196fe2be705b5eb6ec37ad8939ba01bfb76c09..94096ca7f31a445933fe7bd5821afcb06e682e0f 100644 (file)
--- a/include/lttng/lttng-error.h
+++ b/include/lttng/lttng-error.h
@@ -103,7 +103,7 @@ enum lttng_error_code {
        LTTNG_ERR_UST_STREAM_FAIL        = 70,  /* UST create stream failed */
        LTTNG_ERR_SNAPSHOT_NODATA        = 71,  /* No data in snapshot. */
        LTTNG_ERR_NO_CHANNEL             = 72,  /* No channel found in the session. */
-       /* 73 */
+       LTTNG_ERR_SESSION_INVALID_CHAR   = 73,  /* Invalid characters found in session name. */
        LTTNG_ERR_UST_LIST_FAIL          = 74,  /* UST listing events failed */
        LTTNG_ERR_UST_EVENT_EXIST        = 75,  /* UST event exist */
        LTTNG_ERR_UST_EVENT_NOT_FOUND    = 76,  /* UST event not found */

diff --git a/src/bin/lttng-sessiond/session.c b/src/bin/lttng-sessiond/session.c
index 07031a30a5c5bc6cf603b84847aac2a866919ede..e7904472fb9f5f19113bef0e247160aaff999d38 100644 (file)
--- a/src/bin/lttng-sessiond/session.c
+++ b/src/bin/lttng-sessiond/session.c
@@ -49,6 +49,42 @@ static struct ltt_session_list ltt_session_list = {
        .next_uuid = 0,
 };
 
+/* These characters are forbidden in a session name. Used by validate_name. */
+static const char *forbidden_name_chars = "/";
+
+/*
+ * Validate the session name for forbidden characters.
+ *
+ * Return 0 on success else -1 meaning a forbidden char. has been found.
+ */
+static int validate_name(const char *name)
+{
+       int ret;
+       char *tok, *tmp_name;
+
+       assert(name);
+
+       tmp_name = strdup(name);
+       if (!tmp_name) {
+               /* ENOMEM here. */
+               ret = -1;
+               goto error;
+       }
+
+       tok = strpbrk(tmp_name, forbidden_name_chars);
+       if (tok) {
+               DBG("Session name %s contains a forbidden character", name);
+               /* Forbidden character has been found. */
+               ret = -1;
+               goto error;
+       }
+       ret = 0;
+
+error:
+       free(tmp_name);
+       return ret;
+}
+
 /*
  * Add a ltt_session structure to the global list.
  *
@@ -194,6 +230,12 @@ int session_create(char *name, uid_t uid, gid_t gid)
                goto error;
        }
 
+       ret = validate_name(name);
+       if (ret < 0) {
+               ret = LTTNG_ERR_SESSION_INVALID_CHAR;
+               goto error;
+       }
+
        ret = gethostname(new_session->hostname, sizeof(new_session->hostname));
        if (ret < 0) {
                if (errno == ENAMETOOLONG) {

diff --git a/src/common/error.c b/src/common/error.c
index bff21ae7139782bf0b5ca49e06418731759abfd0..53b55b93f88385ebb74ec89ab70872bb1b8b30e2 100644 (file)
--- a/src/common/error.c
+++ b/src/common/error.c
@@ -116,6 +116,7 @@ static const char *error_string_array[] = {
        [ ERROR_INDEX(LTTNG_ERR_CHAN_EXIST) ] = "Channel already exists",
        [ ERROR_INDEX(LTTNG_ERR_SNAPSHOT_NODATA) ] = "No data available in snapshot",
        [ ERROR_INDEX(LTTNG_ERR_NO_CHANNEL) ] = "No channel found in the session",
+       [ ERROR_INDEX(LTTNG_ERR_SESSION_INVALID_CHAR) ] = "Invalid character found in session name",
 
        /* Last element */
        [ ERROR_INDEX(LTTNG_ERR_NR) ] = "Unknown error code"