Fix: illegal memory access in send_viewer_streams
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 01:42:59 +0000 (21:42 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 17 May 2016 05:59:33 +0000 (01:59 -0400)
Found by Coverity:

CID 1243037 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)18. buffer_size_warning: Calling strncpy with a
maximum size argument of 4096 bytes on destination array
send_stream.path_name of size 4096 bytes might leave the destination
string unterminated.

CID 1243037 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)18. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array
send_stream.channel_name of size 255 bytes might leave the destination
string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-relayd/live.c

index 598a5d8ff7fae3d7c25a99827e2b0c8fbba83746..78ea95cc247652185e5ab0fc218c259458e629c6 100644 (file)
@@ -230,10 +230,21 @@ ssize_t send_viewer_streams(struct lttcomm_sock *sock,
                send_stream.ctf_trace_id = htobe64(ctf_trace->id);
                send_stream.metadata_flag = htobe32(
                                vstream->stream->is_metadata);
-               strncpy(send_stream.path_name, vstream->path_name,
-                               sizeof(send_stream.path_name));
-               strncpy(send_stream.channel_name, vstream->channel_name,
-                               sizeof(send_stream.channel_name));
+               if (lttng_strncpy(send_stream.path_name, vstream->path_name,
+                               sizeof(send_stream.path_name))) {
+                       pthread_mutex_unlock(&vstream->stream->lock);
+                       viewer_stream_put(vstream);
+                       ret = -1;       /* Error. */
+                       goto end_unlock;
+               }
+               if (lttng_strncpy(send_stream.channel_name,
+                               vstream->channel_name,
+                               sizeof(send_stream.channel_name))) {
+                       pthread_mutex_unlock(&vstream->stream->lock);
+                       viewer_stream_put(vstream);
+                       ret = -1;       /* Error. */
+                       goto end_unlock;
+               }
 
                DBG("Sending stream %" PRIu64 " to viewer",
                                vstream->stream->stream_handle);
This page took 0.034819 seconds and 4 git commands to generate.