Fix: illegal memory access in enable_event
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 01:42:44 +0000 (21:42 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 17 May 2016 04:29:44 +0000 (00:29 -0400)
Found by Coverity:
CID 1243033 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)16. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array msg.name of size
256 bytes might leave the destination string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-sessiond/agent.c

index ced0f85cf018c93d5ad1ac9a79a7e6c788ab136c..f79ac00e6f4c5313928d5a15bd560efbe41454d4 100644 (file)
@@ -408,17 +408,20 @@ static int enable_event(struct agent_app *app, struct agent_event *event)
        }
        data_size = sizeof(msg) + filter_expression_length;
 
-       ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0);
-       if (ret < 0) {
-               goto error_io;
-       }
-
        memset(&msg, 0, sizeof(msg));
        msg.loglevel_value = htobe32(event->loglevel_value);
        msg.loglevel_type = htobe32(event->loglevel_type);
-       strncpy(msg.name, event->name, sizeof(msg.name));
+       if (lttng_strncpy(msg.name, event->name, sizeof(msg.name))) {
+               ret = LTTNG_ERR_INVALID;
+               goto error;
+       }
        msg.filter_expression_length = htobe32(filter_expression_length);
 
+       ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0);
+       if (ret < 0) {
+               goto error_io;
+       }
+
        bytes_to_send = zmalloc(data_size);
        if (!bytes_to_send) {
                ret = LTTNG_ERR_NOMEM;
This page took 0.034781 seconds and 4 git commands to generate.