From: Mathieu Desnoyers Date: Tue, 17 May 2016 01:42:41 +0000 (-0400) Subject: Fix: illegal memory access in _cmd_enable_event X-Git-Tag: v2.9.0-rc1~233 X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=04c172535ceed44c9dc8d40428a6247bef97ea28 Fix: illegal memory access in _cmd_enable_event Found by Coverity: CID 1321742 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)21. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array attr->name of size 256 bytes might leave the destination string unterminated. CID 1321742 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)22. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array attr->name of size 256 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c index 16d8ba25d..b72b09198 100644 --- a/src/bin/lttng-sessiond/cmd.c +++ b/src/bin/lttng-sessiond/cmd.c @@ -1853,7 +1853,12 @@ static int _cmd_enable_event(struct ltt_session *session, ret = LTTNG_ERR_FATAL; goto error; } - strncpy(attr->name, channel_name, sizeof(attr->name)); + if (lttng_strncpy(attr->name, channel_name, + sizeof(attr->name))) { + ret = LTTNG_ERR_INVALID; + free(attr); + goto error; + } ret = cmd_enable_channel(session, domain, attr, wpipe); if (ret != LTTNG_OK) { @@ -1990,7 +1995,12 @@ static int _cmd_enable_event(struct ltt_session *session, ret = LTTNG_ERR_FATAL; goto error; } - strncpy(attr->name, channel_name, sizeof(attr->name)); + if (lttng_strncpy(attr->name, channel_name, + sizeof(attr->name))) { + ret = LTTNG_ERR_INVALID; + free(attr); + goto error; + } ret = cmd_enable_channel(session, domain, attr, wpipe); if (ret != LTTNG_OK) {