Fix: illegal memory access in session_create
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 01:42:55 +0000 (21:42 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 17 May 2016 04:40:48 +0000 (00:40 -0400)
Found by Coverity:

CID 1323138 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a
maximum size argument of 64 bytes on destination array session->hostname
of size 64 bytes might leave the destination string unterminated.

CID 1323138 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array
session->session_name of size 255 bytes might leave the destination
string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-relayd/session.c

index d1c2098f8591a3a8c9c5e87b022f43e8fff627ee..9702bd220b0d134bc4502ecd6e4435e682e22ba1 100644 (file)
@@ -46,11 +46,16 @@ struct relay_session *session_create(const char *session_name,
                PERROR("relay session zmalloc");
                goto error;
        }
-
+       if (lttng_strncpy(session->session_name, session_name,
+                       sizeof(session->session_name))) {
+               goto error;
+       }
+       if (lttng_strncpy(session->hostname, hostname,
+                       sizeof(session->hostname))) {
+               goto error;
+       }
        session->ctf_traces_ht = lttng_ht_new(0, LTTNG_HT_TYPE_STRING);
        if (!session->ctf_traces_ht) {
-               free(session);
-               session = NULL;
                goto error;
        }
 
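Review bot: Both new `lttng_strncpy()` failure branches jump to `error` without logging anything, so a session rejected for an over-long name or hostname returns NULL with no trace, while the zmalloc failure just above reports through `PERROR`. Assuming a non-zero return means the source did not fit (which is how the `if` treats it), I would add a diagnostic before each `goto error`, for example `ERR("Session name exceeds maximum length");` and `ERR("Hostname exceeds maximum length");`. These strings presumably come from the peer asking the relay daemon to create the session, so a log line would make malformed requests visible to operators. The body of session_create starts before this hunk and continues past it.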
@@ -67,17 +72,15 @@ struct relay_session *session_create(const char *session_name,
        pthread_mutex_init(&session->reflock, NULL);
        pthread_mutex_init(&session->recv_list_lock, NULL);
 
-       strncpy(session->session_name, session_name,
-                       sizeof(session->session_name));
-       strncpy(session->hostname, hostname,
-                       sizeof(session->hostname));
        session->live_timer = live_timer;
        session->snapshot = snapshot;
 
        lttng_ht_add_unique_u64(sessions_ht, &session->session_n);
+       return session;
 
 error:
-       return session;
+       free(session);
+       return NULL;
 }
 
 /* Should be called with RCU read-side lock held. */
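Review bot: The `error:` label now releases only the `session` allocation, so any failure path added after `lttng_ht_new()` succeeds would leak `session->ctf_traces_ht`. Nothing in the visible lines jumps to `error` after that point, but the lines between the two hunks are not shown, so this is worth confirming. A comment at the label would guard against regressions, e.g. `/* Frees only the session struct (free(NULL) is a no-op); destroy ctf_traces_ht first if a later step can fail. */`. The function's documentation should also state that it returns NULL on every failure, including a `session_name` or `hostname` that does not fit its fixed-size field.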