Fix: illegal memory access in cmd_snapshot_record
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 01:42:50 +0000 (21:42 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 17 May 2016 04:29:44 +0000 (00:29 -0400)
Found by Coverity:
CID 1243027 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)20. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array tmp_output.name
of size 255 bytes might leave the destination string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-sessiond/cmd.c

index 201cbd183f8796f0bf716546562f31fd6b80b9b9..3c59d092c2e9b0f2ca848277219091307b20c078 100644 (file)
@@ -3903,8 +3903,12 @@ int cmd_snapshot_record(struct ltt_session *session,
 
                        /* Use temporary name. */
                        if (*output->name != '\0') {
-                               strncpy(tmp_output.name, output->name,
-                                               sizeof(tmp_output.name));
+                               if (lttng_strncpy(tmp_output.name, output->name,
+                                               sizeof(tmp_output.name))) {
+                                       ret = LTTNG_ERR_INVALID;
+                                       rcu_read_unlock();
+                                       goto error;
+                               }
                        }
 
                        tmp_output.nb_snapshot = session->snapshot.nb_snapshot;
This page took 0.036399 seconds and 4 git commands to generate.