A number of object de-serialization functions rely on a
fixed-size communication header to create an object from
a payload.
A large number of those functions assume that the initial
header fits in the provided buffer or payload view. Also,
the functions that do validate that the header fits do so
in different ways:
- checking the view's size,
- creating a new fixed-size view and checking the 'data' pointer.
To harmonize all of those checks, the following utils are added:
- lttng_buffer_view_is_valid()
- lttng_payload_view_is_valid()
These functions should be used whenever a fixed-size view is
created (not passing -1 as the length parameter).
The checks are added and/or harmonized to:
- create a new 'header' view,
- validate it with the corresponding *_is_valid() function,
- initialize the header pointer using the header view.
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I763946feac714ecef4fc5bd427dab2d3fe5dc1a4
29 files changed:
offset = header_len;
session_name_view = lttng_buffer_view_from_view(payload, offset,
header.session_name_len);
offset = header_len;
session_name_view = lttng_buffer_view_from_view(payload, offset,
header.session_name_len);
+ if (!lttng_buffer_view_is_valid(&session_name_view)) {
+ ERR("Invalid payload in \"cmd_create_session_2_11\": buffer too short to contain session name");
+ ret = -1;
+ goto error;
+ }
+
offset += header.session_name_len;
hostname_view = lttng_buffer_view_from_view(payload,
offset, header.hostname_len);
offset += header.session_name_len;
hostname_view = lttng_buffer_view_from_view(payload,
offset, header.hostname_len);
+ if (!lttng_buffer_view_is_valid(&hostname_view)) {
+ ERR("Invalid payload in \"cmd_create_session_2_11\": buffer too short to contain hostname");
+ ret = -1;
+ goto error;
+ }
+
offset += header.hostname_len;
base_path_view = lttng_buffer_view_from_view(payload,
offset, header.base_path_len);
offset += header.hostname_len;
base_path_view = lttng_buffer_view_from_view(payload,
offset, header.base_path_len);
+ if (header.base_path_len > 0 && !lttng_buffer_view_is_valid(&base_path_view)) {
+ ERR("Invalid payload in \"cmd_create_session_2_11\": buffer too short to contain base path");
+ ret = -1;
+ goto error;
+ }
/* Validate that names are NULL terminated. */
if (session_name_view.data[session_name_view.size - 1] != '\0') {
/* Validate that names are NULL terminated. */
if (session_name_view.data[session_name_view.size - 1] != '\0') {
/* Validate that names are (NULL terminated. */
channel_name_view = lttng_buffer_view_from_view(payload, header_len,
/* Validate that names are (NULL terminated. */
channel_name_view = lttng_buffer_view_from_view(payload, header_len,
- header.channel_name_len);
- pathname_view = lttng_buffer_view_from_view(payload,
- header_len + header.channel_name_len, header.pathname_len);
+ header.channel_name_len);
+ if (!lttng_buffer_view_is_valid(&channel_name_view)) {
+ ERR("Invalid payload received in \"cmd_recv_stream_2_11\": buffer too short for channel name");
+ ret = -1;
+ goto error;
+ }
if (channel_name_view.data[channel_name_view.size - 1] != '\0') {
ERR("cmd_recv_stream_2_11 channel_name is invalid (not NULL terminated)");
if (channel_name_view.data[channel_name_view.size - 1] != '\0') {
ERR("cmd_recv_stream_2_11 channel_name is invalid (not NULL terminated)");
+ pathname_view = lttng_buffer_view_from_view(payload,
+ header_len + header.channel_name_len, header.pathname_len);
+ if (!lttng_buffer_view_is_valid(&pathname_view)) {
+ ERR("Invalid payload received in \"cmd_recv_stream_2_11\": buffer too short for path name");
+ ret = -1;
+ goto error;
+ }
+
if (pathname_view.data[pathname_view.size - 1] != '\0') {
ERR("cmd_recv_stream_2_11 patname is invalid (not NULL terminated)");
ret = -1;
if (pathname_view.data[pathname_view.size - 1] != '\0') {
ERR("cmd_recv_stream_2_11 patname is invalid (not NULL terminated)");
ret = -1;
packet_view = lttng_buffer_view_from_view(payload,
sizeof(metadata_payload_header), metadata_payload_size);
packet_view = lttng_buffer_view_from_view(payload,
sizeof(metadata_payload_header), metadata_payload_size);
- if (!packet_view.data) {
+ if (!lttng_buffer_view_is_valid(&packet_view)) {
ERR("Invalid metadata packet length announced by header");
ret = -1;
goto end_put;
ERR("Invalid metadata packet length announced by header");
ret = -1;
goto end_put;
struct lttcomm_relayd_create_trace_chunk *msg;
struct lttcomm_relayd_generic_reply reply = {};
struct lttng_buffer_view header_view;
struct lttcomm_relayd_create_trace_chunk *msg;
struct lttcomm_relayd_generic_reply reply = {};
struct lttng_buffer_view header_view;
- struct lttng_buffer_view chunk_name_view;
struct lttng_trace_chunk *chunk = NULL, *published_chunk = NULL;
enum lttng_error_code reply_code = LTTNG_OK;
enum lttng_trace_chunk_status chunk_status;
struct lttng_trace_chunk *chunk = NULL, *published_chunk = NULL;
enum lttng_error_code reply_code = LTTNG_OK;
enum lttng_trace_chunk_status chunk_status;
}
header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
}
header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
- if (!header_view.data) {
+ if (!lttng_buffer_view_is_valid(&header_view)) {
ERR("Failed to receive payload of chunk creation command");
ret = -1;
goto end_no_reply;
ERR("Failed to receive payload of chunk creation command");
ret = -1;
goto end_no_reply;
if (msg->override_name_length) {
const char *name;
if (msg->override_name_length) {
const char *name;
+ const struct lttng_buffer_view chunk_name_view =
+ lttng_buffer_view_from_view(payload,
+ sizeof(*msg),
+ msg->override_name_length);
+
+ if (!lttng_buffer_view_is_valid(&chunk_name_view)) {
+ ERR("Invalid payload of chunk creation command (protocol error): buffer too short for expected name length");
+ ret = -1;
+ reply_code = LTTNG_ERR_INVALID;
+ goto end;
+ }
- chunk_name_view = lttng_buffer_view_from_view(payload,
- sizeof(*msg),
- msg->override_name_length);
name = chunk_name_view.data;
name = chunk_name_view.data;
- if (!name || name[msg->override_name_length - 1]) {
- ERR("Failed to receive payload of chunk creation command");
+ if (name[msg->override_name_length - 1]) {
+ ERR("Invalid payload of chunk creation command (protocol error): name is not null-terminated");
ret = -1;
reply_code = LTTNG_ERR_INVALID;
goto end;
ret = -1;
reply_code = LTTNG_ERR_INVALID;
goto end;
}
header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
}
header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
- if (!header_view.data) {
+ if (!lttng_buffer_view_is_valid(&header_view)) {
ERR("Failed to receive payload of chunk close command");
ret = -1;
goto end_no_reply;
ERR("Failed to receive payload of chunk close command");
ret = -1;
goto end_no_reply;
}
header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
}
header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
- if (!header_view.data) {
+ if (!lttng_buffer_view_is_valid(&header_view)) {
ERR("Failed to receive payload of chunk exists command");
ret = -1;
goto end_no_reply;
ERR("Failed to receive payload of chunk exists command");
ret = -1;
goto end_no_reply;
uint64_t result_flags = 0;
header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
uint64_t result_flags = 0;
header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
- if (!header_view.data) {
+ if (!lttng_buffer_view_is_valid(&header_view)) {
ERR("Failed to receive payload of chunk close command");
ret = -1;
goto end_no_reply;
ERR("Failed to receive payload of chunk close command");
ret = -1;
goto end_no_reply;
payload_view = lttng_buffer_view_from_dynamic_buffer(
&payload, 0, name_len);
payload_view = lttng_buffer_view_from_dynamic_buffer(
&payload, 0, name_len);
+ if (name_len > 0 && !lttng_buffer_view_is_valid(&payload_view)) {
+ ret = LTTNG_ERR_INVALID_PROTOCOL;
+ goto error_add_remove_tracker_value;
+ }
+
/*
* Validate the value type and domains are legal for the process
* attribute tracker that is specified and convert the value to
/*
* Validate the value type and domains are legal for the process
* attribute tracker that is specified and convert the value to
&payload,
0,
cmd_ctx->lsm.u.create_session.home_dir_size);
&payload,
0,
cmd_ctx->lsm.u.create_session.home_dir_size);
+ if (cmd_ctx->lsm.u.create_session.home_dir_size > 0 &&
+ !lttng_buffer_view_is_valid(&home_dir_view)) {
+ ERR("Invalid payload in \"create session\" command: buffer too short to contain home directory");
+ ret_code = LTTNG_ERR_INVALID_PROTOCOL;
+ goto error;
+ }
+
session_descriptor_view = lttng_buffer_view_from_dynamic_buffer(
&payload,
cmd_ctx->lsm.u.create_session.home_dir_size,
cmd_ctx->lsm.u.create_session.session_descriptor_size);
session_descriptor_view = lttng_buffer_view_from_dynamic_buffer(
&payload,
cmd_ctx->lsm.u.create_session.home_dir_size,
cmd_ctx->lsm.u.create_session.session_descriptor_size);
+ if (!lttng_buffer_view_is_valid(&session_descriptor_view)) {
+ ERR("Invalid payload in \"create session\" command: buffer too short to contain session descriptor");
+ ret_code = LTTNG_ERR_INVALID_PROTOCOL;
+ goto error;
+ }
ret = lttng_session_descriptor_create_from_buffer(
&session_descriptor_view, &session_descriptor);
ret = lttng_session_descriptor_create_from_buffer(
&session_descriptor_view, &session_descriptor);
struct lttng_action **action)
{
ssize_t consumed_len, specific_action_consumed_len;
struct lttng_action **action)
{
ssize_t consumed_len, specific_action_consumed_len;
- const struct lttng_action_comm *action_comm;
action_create_from_payload_cb create_from_payload_cb;
action_create_from_payload_cb create_from_payload_cb;
+ const struct lttng_action_comm *action_comm;
+ const struct lttng_payload_view action_comm_view =
+ lttng_payload_view_from_view(
+ view, 0, sizeof(*action_comm));
if (!view || !action) {
consumed_len = -1;
goto end;
}
if (!view || !action) {
consumed_len = -1;
goto end;
}
- action_comm = (const struct lttng_action_comm *) view->buffer.data;
+ if (!lttng_payload_view_is_valid(&action_comm_view)) {
+ /* Payload not large enough to contain the header. */
+ consumed_len = -1;
+ goto end;
+ }
+
+ action_comm = (const struct lttng_action_comm *) action_comm_view.buffer.data;
DBG("Create action from payload: action-type=%s",
lttng_action_type_string(action_comm->action_type));
DBG("Create action from payload: action-type=%s",
lttng_action_type_string(action_comm->action_type));
lttng_payload_view_from_view(view, consumed_len,
view->buffer.size - consumed_len);
lttng_payload_view_from_view(view, consumed_len,
view->buffer.size - consumed_len);
+ if (!lttng_payload_view_is_valid(&child_view)) {
+ consumed_len = -1;
+ goto end;
+ }
+
consumed_len_child = lttng_action_create_from_payload(
&child_view, &child_action);
if (consumed_len_child < 0) {
consumed_len_child = lttng_action_create_from_payload(
&child_view, &child_action);
if (consumed_len_child < 0) {
struct lttng_action **p_action)
{
ssize_t consumed_len;
struct lttng_action **p_action)
{
ssize_t consumed_len;
- const struct lttng_action_snapshot_session_comm *comm;
const char *variable_data;
struct lttng_action *action;
enum lttng_action_status status;
struct lttng_snapshot_output *snapshot_output = NULL;
const char *variable_data;
struct lttng_action *action;
enum lttng_action_status status;
struct lttng_snapshot_output *snapshot_output = NULL;
+ const struct lttng_action_snapshot_session_comm *comm;
+ const struct lttng_payload_view snapshot_session_comm_view =
+ lttng_payload_view_from_view(
+ view, 0, sizeof(*comm));
action = lttng_action_snapshot_session_create();
if (!action) {
goto error;
}
action = lttng_action_snapshot_session_create();
if (!action) {
goto error;
}
- comm = (typeof(comm)) view->buffer.data;
+ if (!lttng_payload_view_is_valid(&snapshot_session_comm_view)) {
+ /* Payload not large enough to contain the header. */
+ goto error;
+ }
+
+ comm = (typeof(comm)) snapshot_session_comm_view.buffer.data;
variable_data = (const char *) &comm->data;
consumed_len = sizeof(struct lttng_action_snapshot_session_comm);
variable_data = (const char *) &comm->data;
consumed_len = sizeof(struct lttng_action_snapshot_session_comm);
lttng_payload_view_from_view(view, consumed_len,
comm->snapshot_output_len);
lttng_payload_view_from_view(view, consumed_len,
comm->snapshot_output_len);
- if (!snapshot_output_buffer_view.buffer.data) {
+ if (!lttng_payload_view_is_valid(&snapshot_output_buffer_view)) {
ERR("Failed to create buffer view for snapshot output.");
goto error;
}
ERR("Failed to create buffer view for snapshot output.");
goto error;
}
ssize_t ret, condition_size;
enum lttng_condition_status status;
enum lttng_domain_type domain_type;
ssize_t ret, condition_size;
enum lttng_condition_status status;
enum lttng_domain_type domain_type;
- const struct lttng_condition_buffer_usage_comm *condition_comm;
const char *session_name, *channel_name;
struct lttng_buffer_view names_view;
const char *session_name, *channel_name;
struct lttng_buffer_view names_view;
+ const struct lttng_condition_buffer_usage_comm *condition_comm;
+ const struct lttng_payload_view condition_comm_view =
+ lttng_payload_view_from_view(
+ src_view, 0, sizeof(*condition_comm));
- if (src_view->buffer.size < sizeof(*condition_comm)) {
+ if (!lttng_payload_view_is_valid(&condition_comm_view)) {
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
}
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
}
- condition_comm = (typeof(condition_comm)) src_view->buffer.data;
+ condition_comm = (typeof(condition_comm)) condition_comm_view.buffer.data;
names_view = lttng_buffer_view_from_view(&src_view->buffer,
sizeof(*condition_comm), -1);
names_view = lttng_buffer_view_from_view(&src_view->buffer,
sizeof(*condition_comm), -1);
+LTTNG_HIDDEN
+bool lttng_buffer_view_is_valid(const struct lttng_buffer_view *view)
+{
+ return view && view->data && view->size > 0;
+}
+
LTTNG_HIDDEN
struct lttng_buffer_view lttng_buffer_view_from_view(
const struct lttng_buffer_view *src, size_t offset,
LTTNG_HIDDEN
struct lttng_buffer_view lttng_buffer_view_from_view(
const struct lttng_buffer_view *src, size_t offset,
struct lttng_buffer_view lttng_buffer_view_init(
const char *src, size_t offset, ptrdiff_t len);
struct lttng_buffer_view lttng_buffer_view_init(
const char *src, size_t offset, ptrdiff_t len);
+/**
+ * Checks if a buffer view is safe to access.
+ *
+ * After calling the buffer view creation functions, callers should verify
+ * if the resquested length (if any is explicitly provided) could be mapped
+ * to a new view.
+ */
+LTTNG_HIDDEN
+bool lttng_buffer_view_is_valid(const struct lttng_buffer_view *view);
+
/**
* Return a buffer view referencing a subset of the memory referenced by another
* view.
/**
* Return a buffer view referencing a subset of the memory referenced by another
* view.
struct lttng_condition **condition)
{
ssize_t ret, condition_size = 0;
struct lttng_condition **condition)
{
ssize_t ret, condition_size = 0;
- const struct lttng_condition_comm *condition_comm;
condition_create_from_payload_cb create_from_payload = NULL;
condition_create_from_payload_cb create_from_payload = NULL;
+ const struct lttng_condition_comm *condition_comm;
+ const struct lttng_payload_view condition_comm_view =
+ lttng_payload_view_from_view(
+ view, 0, sizeof(*condition_comm));
if (!view || !condition) {
ret = -1;
goto end;
}
if (!view || !condition) {
ret = -1;
goto end;
}
+ if (!lttng_payload_view_is_valid(&condition_comm_view)) {
+ /* Payload not large enough to contain the header. */
+ ret = -1;
+ goto end;
+ }
+
DBG("Deserializing condition from buffer");
DBG("Deserializing condition from buffer");
- condition_comm = (typeof(condition_comm)) view->buffer.data;
+ condition_comm = (typeof(condition_comm)) condition_comm_view.buffer.data;
condition_size += sizeof(*condition_comm);
switch ((enum lttng_condition_type) condition_comm->condition_type) {
condition_size += sizeof(*condition_comm);
switch ((enum lttng_condition_type) condition_comm->condition_type) {
{
ssize_t ret, evaluation_size = 0;
const struct lttng_evaluation_comm *evaluation_comm;
{
ssize_t ret, evaluation_size = 0;
const struct lttng_evaluation_comm *evaluation_comm;
- struct lttng_payload_view evaluation_view = src_view ?
+ struct lttng_payload_view evaluation_comm_view =
+ lttng_payload_view_from_view(
+ src_view, 0, sizeof(*evaluation_comm));
+ struct lttng_payload_view evaluation_view =
lttng_payload_view_from_view(src_view,
lttng_payload_view_from_view(src_view,
- sizeof(*evaluation_comm), -1) :
- (typeof(evaluation_view)) {};
+ sizeof(*evaluation_comm), -1);
if (!src_view || !evaluation) {
ret = -1;
goto end;
}
if (!src_view || !evaluation) {
ret = -1;
goto end;
}
- evaluation_comm = (typeof(evaluation_comm)) src_view->buffer.data;
+ if (!lttng_payload_view_is_valid(&evaluation_comm_view)) {
+ ret = -1;
+ goto end;
+ }
+
+ evaluation_comm = (typeof(evaluation_comm)) evaluation_comm_view.buffer.data;
evaluation_size += sizeof(*evaluation_comm);
switch ((enum lttng_condition_type) evaluation_comm->type) {
evaluation_size += sizeof(*evaluation_comm);
switch ((enum lttng_condition_type) evaluation_comm->type) {
struct lttng_event_rule **event_rule)
{
ssize_t ret, consumed = 0;
struct lttng_event_rule **event_rule)
{
ssize_t ret, consumed = 0;
- const struct lttng_event_rule_comm *event_rule_comm;
event_rule_create_from_payload_cb create_from_payload = NULL;
event_rule_create_from_payload_cb create_from_payload = NULL;
+ const struct lttng_event_rule_comm *event_rule_comm;
+ const struct lttng_payload_view event_rule_comm_view =
+ lttng_payload_view_from_view(
+ view, 0, sizeof(*event_rule_comm));
if (!view || !event_rule) {
ret = -1;
goto end;
}
if (!view || !event_rule) {
ret = -1;
goto end;
}
+ if (!lttng_payload_view_is_valid(&event_rule_comm_view)) {
+ ret = -1;
+ goto end;
+ }
+
DBG("Deserializing event_rule from payload.");
DBG("Deserializing event_rule from payload.");
- event_rule_comm = (const struct lttng_event_rule_comm *) view->buffer.data;
+ event_rule_comm = (const struct lttng_event_rule_comm *) event_rule_comm_view.buffer.data;
consumed += sizeof(*event_rule_comm);
switch ((enum lttng_event_rule_type) event_rule_comm->event_rule_type) {
consumed += sizeof(*event_rule_comm);
switch ((enum lttng_event_rule_type) event_rule_comm->event_rule_type) {
- if (view->buffer.size < sizeof(*kprobe_comm)) {
+ current_buffer_view = lttng_buffer_view_from_view(
+ &view->buffer, offset, sizeof(*kprobe_comm));
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
ERR("Failed to initialize from malformed event rule kprobe: buffer too short to contain header.");
ret = -1;
goto end;
}
ERR("Failed to initialize from malformed event rule kprobe: buffer too short to contain header.");
ret = -1;
goto end;
}
- current_buffer_view = lttng_buffer_view_from_view(
- &view->buffer, offset, sizeof(*kprobe_comm));
kprobe_comm = (typeof(kprobe_comm)) current_buffer_view.data;
kprobe_comm = (typeof(kprobe_comm)) current_buffer_view.data;
- if (!kprobe_comm) {
- ret = -1;
- goto end;
- }
rule = lttng_event_rule_kprobe_create();
if (!rule) {
rule = lttng_event_rule_kprobe_create();
if (!rule) {
lttng_payload_view_from_view(view, offset,
kprobe_comm->name_len);
lttng_payload_view_from_view(view, offset,
kprobe_comm->name_len);
- name = current_payload_view.buffer.data;
- if (!name) {
+ if (!lttng_payload_view_is_valid(¤t_payload_view)) {
+ name = current_payload_view.buffer.data;
if (!lttng_buffer_view_contains_string(
¤t_payload_view.buffer, name,
kprobe_comm->name_len)) {
if (!lttng_buffer_view_contains_string(
¤t_payload_view.buffer, name,
kprobe_comm->name_len)) {
lttng_payload_view_from_view(view, offset,
kprobe_comm->location_len);
lttng_payload_view_from_view(view, offset,
kprobe_comm->location_len);
+ if (!lttng_payload_view_is_valid(¤t_payload_view)) {
+ ret = -1;
+ goto end;
+ }
+
ret = lttng_kernel_probe_location_create_from_payload(
¤t_payload_view, &location);
if (ret < 0) {
ret = lttng_kernel_probe_location_create_from_payload(
¤t_payload_view, &location);
if (ret < 0) {
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, sizeof(*syscall_comm));
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, sizeof(*syscall_comm));
- syscall_comm = (typeof(syscall_comm)) current_buffer_view.data;
-
- if (!syscall_comm) {
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ syscall_comm = (typeof(syscall_comm)) current_buffer_view.data;
rule = lttng_event_rule_syscall_create();
if (!rule) {
ERR("Failed to create event rule syscall");
rule = lttng_event_rule_syscall_create();
if (!rule) {
ERR("Failed to create event rule syscall");
/* Map the pattern. */
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, syscall_comm->pattern_len);
/* Map the pattern. */
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, syscall_comm->pattern_len);
- pattern = current_buffer_view.data;
- if (!pattern) {
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ pattern = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view, pattern,
syscall_comm->pattern_len)) {
ret = -1;
if (!lttng_buffer_view_contains_string(¤t_buffer_view, pattern,
syscall_comm->pattern_len)) {
ret = -1;
/* Map the filter_expression. */
current_buffer_view = lttng_buffer_view_from_view(&view->buffer, offset,
syscall_comm->filter_expression_len);
/* Map the filter_expression. */
current_buffer_view = lttng_buffer_view_from_view(&view->buffer, offset,
syscall_comm->filter_expression_len);
- filter_expression = current_buffer_view.data;
- if (!filter_expression) {
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ filter_expression = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
filter_expression,
syscall_comm->filter_expression_len)) {
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
filter_expression,
syscall_comm->filter_expression_len)) {
- if (view->buffer.size < sizeof(*tracepoint_comm)) {
+ current_buffer_view = lttng_buffer_view_from_view(
+ &view->buffer, offset, sizeof(*tracepoint_comm));
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
ERR("Failed to initialize from malformed event rule tracepoint: buffer too short to contain header.");
ret = -1;
goto end;
}
ERR("Failed to initialize from malformed event rule tracepoint: buffer too short to contain header.");
ret = -1;
goto end;
}
- current_buffer_view = lttng_buffer_view_from_view(
- &view->buffer, offset, sizeof(*tracepoint_comm));
tracepoint_comm = (typeof(tracepoint_comm)) current_buffer_view.data;
tracepoint_comm = (typeof(tracepoint_comm)) current_buffer_view.data;
- if (!tracepoint_comm) {
- ret = -1;
- goto end;
- }
-
if (tracepoint_comm->domain_type <= LTTNG_DOMAIN_NONE ||
tracepoint_comm->domain_type > LTTNG_DOMAIN_PYTHON) {
/* Invalid domain value. */
if (tracepoint_comm->domain_type <= LTTNG_DOMAIN_NONE ||
tracepoint_comm->domain_type > LTTNG_DOMAIN_PYTHON) {
/* Invalid domain value. */
/* Map the pattern. */
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, tracepoint_comm->pattern_len);
/* Map the pattern. */
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, tracepoint_comm->pattern_len);
- pattern = current_buffer_view.data;
- if (!pattern) {
+
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ pattern = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view, pattern,
tracepoint_comm->pattern_len)) {
ret = -1;
if (!lttng_buffer_view_contains_string(¤t_buffer_view, pattern,
tracepoint_comm->pattern_len)) {
ret = -1;
/* Map the filter_expression. */
current_buffer_view = lttng_buffer_view_from_view(&view->buffer, offset,
tracepoint_comm->filter_expression_len);
/* Map the filter_expression. */
current_buffer_view = lttng_buffer_view_from_view(&view->buffer, offset,
tracepoint_comm->filter_expression_len);
- filter_expression = current_buffer_view.data;
- if (!filter_expression) {
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ filter_expression = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
filter_expression,
tracepoint_comm->filter_expression_len)) {
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
filter_expression,
tracepoint_comm->filter_expression_len)) {
for (i = 0; i < tracepoint_comm->exclusions_count; i++) {
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, sizeof(*exclusion_len));
for (i = 0; i < tracepoint_comm->exclusions_count; i++) {
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, sizeof(*exclusion_len));
- exclusion_len = (typeof(exclusion_len)) current_buffer_view.data;
- if (!exclusion_len) {
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ exclusion_len = (typeof(exclusion_len)) current_buffer_view.data;
offset += sizeof(*exclusion_len);
offset += sizeof(*exclusion_len);
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, *exclusion_len);
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, *exclusion_len);
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ ret = -1;
+ goto end;
+ }
+
exclusion = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
exclusion, *exclusion_len)) {
exclusion = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view,
exclusion, *exclusion_len)) {
- if (view->buffer.size < sizeof(*uprobe_comm)) {
- ERR("Failed to initialize from malformed event rule uprobe: buffer too short to contain header.");
- ret = -1;
- goto end;
- }
-
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, sizeof(*uprobe_comm));
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, sizeof(*uprobe_comm));
- uprobe_comm = (typeof(uprobe_comm)) current_buffer_view.data;
-
- if (!uprobe_comm) {
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ ERR("Failed to initialize from malformed event rule uprobe: buffer too short to contain header");
+ uprobe_comm = (typeof(uprobe_comm)) current_buffer_view.data;
+
rule = lttng_event_rule_uprobe_create();
if (!rule) {
rule = lttng_event_rule_uprobe_create();
if (!rule) {
- ERR("Failed to create event rule uprobe.");
+ ERR("Failed to create event rule uprobe");
/* Map the name. */
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, uprobe_comm->name_len);
/* Map the name. */
current_buffer_view = lttng_buffer_view_from_view(
&view->buffer, offset, uprobe_comm->name_len);
- name = current_buffer_view.data;
- if (!name) {
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
+ name = current_buffer_view.data;
if (!lttng_buffer_view_contains_string(¤t_buffer_view, name,
uprobe_comm->name_len)) {
ret = -1;
if (!lttng_buffer_view_contains_string(¤t_buffer_view, name,
uprobe_comm->name_len)) {
ret = -1;
offset += uprobe_comm->name_len;
/* Map the location. */
offset += uprobe_comm->name_len;
/* Map the location. */
- struct lttng_payload_view current_payload_view =
- lttng_payload_view_from_view(view, offset,
- uprobe_comm->location_len);
- ret = lttng_userspace_probe_location_create_from_payload(
- ¤t_payload_view, &location);
- if (ret < 0) {
- ret = -1;
- goto end;
+ {
+ struct lttng_payload_view current_payload_view =
+ lttng_payload_view_from_view(view, offset,
+ uprobe_comm->location_len);
+
+ if (!lttng_payload_view_is_valid(¤t_payload_view)) {
+ ERR("Failed to initialize from malformed event rule uprobe: buffer too short to contain location");
+ ret = -1;
+ goto end;
+ }
+
+ ret = lttng_userspace_probe_location_create_from_payload(
+ ¤t_payload_view, &location);
+ if (ret < 0) {
+ ret = -1;
+ goto end;
+ }
}
assert(ret == uprobe_comm->location_len);
}
assert(ret == uprobe_comm->location_len);
struct lttng_payload_view *view,
struct lttng_kernel_probe_location **location)
{
struct lttng_payload_view *view,
struct lttng_kernel_probe_location **location)
{
- struct lttng_kernel_probe_location_comm *probe_location_comm;
enum lttng_kernel_probe_location_type type;
ssize_t consumed = 0;
ssize_t ret;
enum lttng_kernel_probe_location_type type;
ssize_t consumed = 0;
ssize_t ret;
+ const struct lttng_kernel_probe_location_comm *probe_location_comm;
+ const struct lttng_payload_view probe_location_comm_view =
+ lttng_payload_view_from_view(
+ view, 0, sizeof(*probe_location_comm));
assert(view);
assert(location);
assert(view);
assert(location);
- if (view->buffer.size <= sizeof(*probe_location_comm)) {
+ if (!lttng_payload_view_is_valid(&probe_location_comm_view)) {
ret = -LTTNG_ERR_INVALID;
goto end;
}
ret = -LTTNG_ERR_INVALID;
goto end;
}
- probe_location_comm = (typeof(probe_location_comm)) view->buffer.data;
+ probe_location_comm = (typeof(probe_location_comm)) probe_location_comm_view.buffer.data;
type = (enum lttng_kernel_probe_location_type) probe_location_comm->type;
consumed += sizeof(*probe_location_comm);
type = (enum lttng_kernel_probe_location_type) probe_location_comm->type;
consumed += sizeof(*probe_location_comm);
location_comm_view = lttng_buffer_view_from_view(view, 0,
sizeof(*location_comm));
location_comm_view = lttng_buffer_view_from_view(view, 0,
sizeof(*location_comm));
- if (!location_comm_view.data) {
+ if (!lttng_buffer_view_is_valid(&location_comm_view)) {
offset += location_comm_view.size;
offset += location_comm_view.size;
- location_comm = (const struct lttng_trace_archive_location_comm *) view->data;
+ location_comm = (const struct lttng_trace_archive_location_comm *) location_comm_view.data;
switch ((enum lttng_trace_archive_location_type) location_comm->type) {
case LTTNG_TRACE_ARCHIVE_LOCATION_TYPE_LOCAL:
switch ((enum lttng_trace_archive_location_type) location_comm->type) {
case LTTNG_TRACE_ARCHIVE_LOCATION_TYPE_LOCAL:
lttng_buffer_view_from_view(view, offset,
location_comm->types.local.absolute_path_len);
lttng_buffer_view_from_view(view, offset,
location_comm->types.local.absolute_path_len);
- if (!absolute_path_view.data) {
+ if (!lttng_buffer_view_is_valid(&absolute_path_view)) {
if (absolute_path_view.data[absolute_path_view.size - 1] != '\0') {
goto error;
}
if (absolute_path_view.data[absolute_path_view.size - 1] != '\0') {
goto error;
}
offset + hostname_view.size,
location_comm->types.relay.relative_path_len);
offset + hostname_view.size,
location_comm->types.relay.relative_path_len);
- if (!hostname_view.data || !relative_path_view.data) {
+ if (!lttng_buffer_view_is_valid(&hostname_view) ||
+ !lttng_buffer_view_is_valid(
+ &relative_path_view)) {
if (hostname_view.data[hostname_view.size - 1] != '\0') {
goto error;
}
if (hostname_view.data[hostname_view.size - 1] != '\0') {
goto error;
}
struct lttng_notification **notification)
{
ssize_t ret, notification_size = 0, condition_size, evaluation_size;
struct lttng_notification **notification)
{
ssize_t ret, notification_size = 0, condition_size, evaluation_size;
- const struct lttng_notification_comm *notification_comm;
struct lttng_condition *condition;
struct lttng_evaluation *evaluation;
struct lttng_condition *condition;
struct lttng_evaluation *evaluation;
+ const struct lttng_notification_comm *notification_comm;
+ const struct lttng_payload_view notification_comm_view =
+ lttng_payload_view_from_view(
+ src_view, 0, sizeof(*notification_comm));
if (!src_view || !notification) {
ret = -1;
goto end;
}
if (!src_view || !notification) {
ret = -1;
goto end;
}
- notification_comm = (typeof(notification_comm)) src_view->buffer.data;
+ if (!lttng_payload_view_is_valid(¬ification_comm_view)) {
+ /* Payload not large enough to contain the header. */
+ ret = -1;
+ goto end;
+ }
+
+ notification_comm = (typeof(notification_comm)) notification_comm_view.buffer.data;
notification_size += sizeof(*notification_comm);
{
/* struct lttng_condition */
notification_size += sizeof(*notification_comm);
{
/* struct lttng_condition */
#include "payload.h"
#include <stddef.h>
#include "payload.h"
#include <stddef.h>
+LTTNG_HIDDEN
+bool lttng_payload_view_is_valid(const struct lttng_payload_view *view)
+{
+ return view && lttng_buffer_view_is_valid(&view->buffer);
+}
+
LTTNG_HIDDEN
struct lttng_payload_view lttng_payload_view_from_payload(
const struct lttng_payload *payload, size_t offset,
ptrdiff_t len)
{
LTTNG_HIDDEN
struct lttng_payload_view lttng_payload_view_from_payload(
const struct lttng_payload *payload, size_t offset,
ptrdiff_t len)
{
- return (struct lttng_payload_view) {
+ return payload ? (struct lttng_payload_view) {
.buffer = lttng_buffer_view_from_dynamic_buffer(
&payload->buffer, offset, len),
._fd_handles = payload->_fd_handles,
.buffer = lttng_buffer_view_from_dynamic_buffer(
&payload->buffer, offset, len),
._fd_handles = payload->_fd_handles,
+ } : (struct lttng_payload_view) {};
struct lttng_payload_view *view, size_t offset,
ptrdiff_t len)
{
struct lttng_payload_view *view, size_t offset,
ptrdiff_t len)
{
- return (struct lttng_payload_view) {
+ return view ? (struct lttng_payload_view) {
.buffer = lttng_buffer_view_from_view(
&view->buffer, offset, len),
._fd_handles = view->_fd_handles,
._iterator.p_fd_handles_position = view->_iterator.p_fd_handles_position ?:
&view->_iterator.fd_handles_position,
.buffer = lttng_buffer_view_from_view(
&view->buffer, offset, len),
._fd_handles = view->_fd_handles,
._iterator.p_fd_handles_position = view->_iterator.p_fd_handles_position ?:
&view->_iterator.fd_handles_position,
+ } : (struct lttng_payload_view) {};
const struct lttng_dynamic_buffer *buffer, size_t offset,
ptrdiff_t len)
{
const struct lttng_dynamic_buffer *buffer, size_t offset,
ptrdiff_t len)
{
- return (struct lttng_payload_view) {
+ return buffer ? (struct lttng_payload_view) {
.buffer = lttng_buffer_view_from_dynamic_buffer(
buffer, offset, len)
.buffer = lttng_buffer_view_from_dynamic_buffer(
buffer, offset, len)
+ } : (struct lttng_payload_view) {};
const struct lttng_buffer_view *view, size_t offset,
ptrdiff_t len)
{
const struct lttng_buffer_view *view, size_t offset,
ptrdiff_t len)
{
- return (struct lttng_payload_view) {
+ return view ? (struct lttng_payload_view) {
.buffer = lttng_buffer_view_from_view(
view, offset, len)
.buffer = lttng_buffer_view_from_view(
view, offset, len)
+ } : (struct lttng_payload_view) {};
+/**
+ * Checks if a payload view's buffer is safe to access.
+ *
+ * After calling the payload view creation functions, callers should verify
+ * if the resquested length (if any is explicitly provided) could be mapped
+ * to a new view.
+ */
+LTTNG_HIDDEN
+bool lttng_payload_view_is_valid(const struct lttng_payload_view *view);
+
/**
* Return a payload view referencing a subset of a payload.
*
/**
* Return a payload view referencing a subset of a payload.
*
{
ssize_t ret, condition_size;
enum lttng_condition_status status;
{
ssize_t ret, condition_size;
enum lttng_condition_status status;
- const struct lttng_condition_session_consumed_size_comm *condition_comm;
const char *session_name;
const char *session_name;
- struct lttng_buffer_view names_view;
+ struct lttng_buffer_view session_name_view;
+ const struct lttng_condition_session_consumed_size_comm *condition_comm;
+ struct lttng_payload_view condition_comm_view = lttng_payload_view_from_view(
+ src_view, 0, sizeof(*condition_comm));
- if (src_view->buffer.size < sizeof(*condition_comm)) {
+ if (!lttng_payload_view_is_valid(&condition_comm_view)) {
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
}
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
}
- condition_comm = (typeof(condition_comm)) src_view->buffer.data;
- names_view = lttng_buffer_view_from_view(&src_view->buffer,
- sizeof(*condition_comm), -1);
+ condition_comm = (typeof(condition_comm)) condition_comm_view.buffer.data;
+ session_name_view = lttng_buffer_view_from_view(&src_view->buffer,
+ sizeof(*condition_comm), condition_comm->session_name_len);
if (condition_comm->session_name_len > LTTNG_NAME_MAX) {
ERR("Failed to initialize from malformed condition buffer: name exceeds LTTNG_MAX_NAME");
if (condition_comm->session_name_len > LTTNG_NAME_MAX) {
ERR("Failed to initialize from malformed condition buffer: name exceeds LTTNG_MAX_NAME");
- if (names_view.size < condition_comm->session_name_len) {
+ if (!lttng_buffer_view_is_valid(&session_name_view)) {
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain element names");
ret = -1;
goto end;
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain element names");
ret = -1;
goto end;
- session_name = names_view.data;
+ session_name = session_name_view.data;
if (*(session_name + condition_comm->session_name_len - 1) != '\0') {
ERR("Malformed session name encountered in condition buffer");
ret = -1;
if (*(session_name + condition_comm->session_name_len - 1) != '\0') {
ERR("Malformed session name encountered in condition buffer");
ret = -1;
current_view = lttng_buffer_view_from_view(payload, offset,
sizeof(*base_header));
current_view = lttng_buffer_view_from_view(payload, offset,
sizeof(*base_header));
- base_header = (typeof(base_header)) current_view.data;
- if (!base_header) {
+ if (!lttng_buffer_view_is_valid(¤t_view)) {
+ base_header = (typeof(base_header)) current_view.data;
switch (base_header->type) {
case LTTNG_SESSION_DESCRIPTOR_TYPE_REGULAR:
case LTTNG_SESSION_DESCRIPTOR_TYPE_SNAPSHOT:
switch (base_header->type) {
case LTTNG_SESSION_DESCRIPTOR_TYPE_REGULAR:
case LTTNG_SESSION_DESCRIPTOR_TYPE_SNAPSHOT:
current_view = lttng_buffer_view_from_view(payload, offset,
sizeof(*live_header));
current_view = lttng_buffer_view_from_view(payload, offset,
sizeof(*live_header));
- live_header = (typeof(live_header)) current_view.data;
- if (!live_header) {
+ if (!lttng_buffer_view_is_valid(¤t_view)) {
+ live_header = (typeof(live_header)) current_view.data;
live_timer_us = live_header->live_timer_us;
break;
}
live_timer_us = live_header->live_timer_us;
break;
}
/* Map the name. */
current_view = lttng_buffer_view_from_view(payload, offset,
base_header->name_len);
/* Map the name. */
current_view = lttng_buffer_view_from_view(payload, offset,
base_header->name_len);
- name = current_view.data;
- if (!name) {
+ if (!lttng_buffer_view_is_valid(¤t_view)) {
+ name = current_view.data;
if (base_header->name_len == 1 ||
name[base_header->name_len - 1] ||
strlen(name) != base_header->name_len - 1) {
if (base_header->name_len == 1 ||
name[base_header->name_len - 1] ||
strlen(name) != base_header->name_len - 1) {
/* Map a URI. */
current_view = lttng_buffer_view_from_view(payload,
offset, sizeof(*uri));
/* Map a URI. */
current_view = lttng_buffer_view_from_view(payload,
offset, sizeof(*uri));
- uri = (typeof(uri)) current_view.data;
- if (!uri) {
+ if (!lttng_buffer_view_is_valid(¤t_view)) {
+
+ uri = (typeof(uri)) current_view.data;
uris[i] = zmalloc(sizeof(*uri));
if (!uris[i]) {
ret = -1;
uris[i] = zmalloc(sizeof(*uri));
if (!uris[i]) {
ret = -1;
{
ssize_t ret, condition_size;
enum lttng_condition_status status;
{
ssize_t ret, condition_size;
enum lttng_condition_status status;
- const struct lttng_condition_session_rotation_comm *condition_comm;
const char *session_name;
struct lttng_buffer_view name_view;
const char *session_name;
struct lttng_buffer_view name_view;
+ const struct lttng_condition_session_rotation_comm *condition_comm;
+ struct lttng_payload_view condition_comm_view =
+ lttng_payload_view_from_view(
+ src_view, 0, sizeof(*condition_comm));
- if (src_view->buffer.size < sizeof(*condition_comm)) {
+ if (!lttng_payload_view_is_valid(&condition_comm_view)) {
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
condition_comm = (typeof(condition_comm)) src_view->buffer.data;
name_view = lttng_buffer_view_from_view(&src_view->buffer,
condition_comm = (typeof(condition_comm)) src_view->buffer.data;
name_view = lttng_buffer_view_from_view(&src_view->buffer,
- sizeof(*condition_comm), -1);
+ sizeof(*condition_comm), condition_comm->session_name_len);
- if (condition_comm->session_name_len > LTTNG_NAME_MAX) {
- ERR("Failed to initialize from malformed condition buffer: name exceeds LTTNG_MAX_NAME");
+ if (!lttng_buffer_view_is_valid(&name_view)) {
+ ERR("Failed to initialize from malformed condition buffer: buffer too short to contain session name");
- if (name_view.size < condition_comm->session_name_len) {
- ERR("Failed to initialize from malformed condition buffer: buffer too short to contain session name");
+ if (condition_comm->session_name_len > LTTNG_NAME_MAX) {
+ ERR("Failed to initialize from malformed condition buffer: name exceeds LTTNG_MAX_NAME");
ssize_t ret, size;
struct lttng_evaluation *evaluation = NULL;
struct lttng_trace_archive_location *location = NULL;
ssize_t ret, size;
struct lttng_evaluation *evaluation = NULL;
struct lttng_trace_archive_location *location = NULL;
- const struct lttng_evaluation_session_rotation_comm *comm =
- (typeof(comm)) view->buffer.data;
- struct lttng_buffer_view location_view;
+ const struct lttng_evaluation_session_rotation_comm *comm;
+ struct lttng_payload_view comm_view = lttng_payload_view_from_view(
+ view, 0, sizeof(*comm));
- if (view->buffer.size < sizeof(*comm)) {
+ if (!lttng_payload_view_is_valid(&comm_view)) {
+ comm = (typeof(comm)) comm_view.buffer.data;
size = sizeof(*comm);
if (comm->has_location) {
size = sizeof(*comm);
if (comm->has_location) {
- location_view = lttng_buffer_view_from_view(
- &view->buffer, sizeof(*comm), -1);
- if (!location_view.data) {
+ const struct lttng_buffer_view location_view =
+ lttng_buffer_view_from_view(
+ &view->buffer, sizeof(*comm), -1);
+
+ if (!lttng_buffer_view_is_valid(&location_view)) {
header_view = lttng_buffer_view_from_view(
buffer_view, 0, sizeof(*header));
header_view = lttng_buffer_view_from_view(
buffer_view, 0, sizeof(*header));
- if (!header_view.data) {
+ if (!lttng_buffer_view_is_valid(&header_view)) {
offset = header_view.size;
header = (typeof(header)) header_view.data;
offset = header_view.size;
header = (typeof(header)) header_view.data;
value_view = lttng_buffer_view_from_view(
buffer_view, offset, sizeof(*value_comm));
value_view = lttng_buffer_view_from_view(
buffer_view, offset, sizeof(*value_comm));
- if (!value_view.data) {
+ if (!lttng_buffer_view_is_valid(&value_view)) {
value_name_view = lttng_buffer_view_from_view(
buffer_view, offset,
value_comm->value.name_len);
value_name_view = lttng_buffer_view_from_view(
buffer_view, offset,
value_comm->value.name_len);
+ if (!lttng_buffer_view_is_valid(&value_name_view)) {
+ goto error;
+ }
+
offset += value_name_view.size;
}
offset += value_name_view.size;
}
ret_code = process_attr_value_from_comm(domain, process_attr,
type, &value_comm->value.integral,
&value_name_view, &value);
ret_code = process_attr_value_from_comm(domain, process_attr,
type, &value_comm->value.integral,
&value_name_view, &value);
.uid = LTTNG_OPTIONAL_INIT_UNSET,
.gid = LTTNG_OPTIONAL_INIT_UNSET,
};
.uid = LTTNG_OPTIONAL_INIT_UNSET,
.gid = LTTNG_OPTIONAL_INIT_UNSET,
};
+ const struct lttng_payload_view trigger_comm_view =
+ lttng_payload_view_from_view(
+ src_view, 0, sizeof(*trigger_comm));
if (!src_view || !trigger) {
ret = -1;
goto end;
}
if (!src_view || !trigger) {
ret = -1;
goto end;
}
+ if (!lttng_payload_view_is_valid(&trigger_comm_view)) {
+ /* Payload not large enough to contain the header. */
+ ret = -1;
+ goto end;
+ }
+
/* lttng_trigger_comm header */
/* lttng_trigger_comm header */
- trigger_comm = (typeof(trigger_comm)) src_view->buffer.data;
+ trigger_comm = (typeof(trigger_comm)) trigger_comm_view.buffer.data;
/* Set the trigger's creds. */
if (trigger_comm->uid > (uint64_t) ((uid_t) -1)) {
/* Set the trigger's creds. */
if (trigger_comm->uid > (uint64_t) ((uid_t) -1)) {
/* Name. */
const struct lttng_payload_view name_view =
lttng_payload_view_from_view(
/* Name. */
const struct lttng_payload_view name_view =
lttng_payload_view_from_view(
- src_view, offset, trigger_comm->name_length);
+ src_view, offset,
+ trigger_comm->name_length);
+
+ if (!lttng_payload_view_is_valid(&name_view)) {
+ ret = -1;
+ goto end;
+ }
name = name_view.buffer.data;
if (!lttng_buffer_view_contains_string(&name_view.buffer, name,
name = name_view.buffer.data;
if (!lttng_buffer_view_contains_string(&name_view.buffer, name,
struct lttng_userspace_probe_location **location)
{
struct lttng_userspace_probe_location_lookup_method *lookup_method;
struct lttng_userspace_probe_location **location)
{
struct lttng_userspace_probe_location_lookup_method *lookup_method;
- struct lttng_userspace_probe_location_comm *probe_location_comm;
enum lttng_userspace_probe_location_type type;
int consumed = 0;
int ret;
enum lttng_userspace_probe_location_type type;
int consumed = 0;
int ret;
+ struct lttng_userspace_probe_location_comm *probe_location_comm;
+ struct lttng_payload_view probe_location_comm_view =
+ lttng_payload_view_from_view(
+ view, 0, sizeof(*probe_location_comm));
assert(view);
assert(location);
lookup_method = NULL;
assert(view);
assert(location);
lookup_method = NULL;
- if (view->buffer.size <= sizeof(*probe_location_comm)) {
+ if (!lttng_payload_view_is_valid(&probe_location_comm_view)) {
ret = -LTTNG_ERR_INVALID;
goto end;
}
ret = -LTTNG_ERR_INVALID;
goto end;
}
- probe_location_comm = (typeof(probe_location_comm)) view->buffer.data;
+ probe_location_comm = (typeof(probe_location_comm)) probe_location_comm_view.buffer.data;
type = (enum lttng_userspace_probe_location_type) probe_location_comm->type;
consumed += sizeof(*probe_location_comm);
type = (enum lttng_userspace_probe_location_type) probe_location_comm->type;
consumed += sizeof(*probe_location_comm);
cmd_header_view = lttng_buffer_view_from_dynamic_buffer(
&payload.buffer, 0, sizeof(*cmd_header));
cmd_header_view = lttng_buffer_view_from_dynamic_buffer(
&payload.buffer, 0, sizeof(*cmd_header));
- if (!cmd_header_view.data) {
+ if (!lttng_buffer_view_is_valid(&cmd_header_view)) {
ret = -LTTNG_ERR_INVALID_PROTOCOL;
goto end;
}
ret = -LTTNG_ERR_INVALID_PROTOCOL;
goto end;
}
payload_view.buffer.data,
ext_comm->userspace_probe_location_len);
payload_view.buffer.data,
ext_comm->userspace_probe_location_len);
+ if (!lttng_payload_view_is_valid(&probe_location_view)) {
+ ret = -LTTNG_ERR_PROBE_LOCATION_INVAL;
+ goto end;
+ }
+
/*
* Create a temporary userspace probe location
* to determine the size needed by a "flattened"
/*
* Create a temporary userspace probe location
* to determine the size needed by a "flattened"
payload_copy_view.buffer.data,
ext_comm->userspace_probe_location_len);
payload_copy_view.buffer.data,
ext_comm->userspace_probe_location_len);
+ if (!lttng_payload_view_is_valid(&probe_location_view)) {
+ ret = -LTTNG_ERR_PROBE_LOCATION_INVAL;
+ goto free_dynamic_buffer;
+ }
+
ret = lttng_userspace_probe_location_create_from_payload(
&probe_location_view,
&probe_location);
ret = lttng_userspace_probe_location_create_from_payload(
&probe_location_view,
&probe_location);
projects / lttng-tools.git / commitdiff
