Fix: Properly sanitize input parameter

The lttng client uses the sizeof the containing buffer, defined as
LTTNG_SYMBOL_NAME_LEN, for input string sanitation instead of libc defined
macro NAME_MAX. lttng-enable_channel improperly verified user input
and wrongly discarded valid input in case NAME_MAX was less than the
sizeof the containing buffer for the channel's name.
This patch also fixes potential buffer overflow caused by an improperly
bounded strcpy in the case where NAME_MAX would have been greater than
LTTNG_SYMBOL_NAME_LEN.

Signed-off-by: Yannick Lamarre <ylamarre@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/src/bin/lttng/commands/enable_channels.c b/src/bin/lttng/commands/enable_channels.c
index b4e2942c3bb5cab0477adb3bc08cc30c33f4475d..3a7f9fd06b937141f7493c595ddc16f399233cec 100644 (file)
--- a/src/bin/lttng/commands/enable_channels.c
+++ b/src/bin/lttng/commands/enable_channels.c
@@ -244,7 +244,7 @@ static int enable_channel(char *session_name)
                void *extended_ptr;
 
                /* Validate channel name's length */
                void *extended_ptr;
 
                /* Validate channel name's length */

-               if (strlen(channel_name) >= NAME_MAX) {
+               if (strlen(channel_name) >= sizeof(chan_opts.name)) {

                        ERR("Channel name is too long (max. %zu characters)",
                                        sizeof(chan_opts.name) - 1);
                        error = 1;
                        ERR("Channel name is too long (max. %zu characters)",
                                        sizeof(chan_opts.name) - 1);
                        error = 1;