From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Tue, 17 May 2016 01:42:46 +0000 (-0400)
Subject: Fix: illegal memory access in list_events
X-Git-Tag: v2.9.0-rc1~227
X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=0a85e7a38cb71bee129af0d2c6fe9de1306ea80c

Fix: illegal memory access in list_events

Found by Coverity:
CID 1243022 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)23. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array (tmp_events +
i).name of size 256 bytes might leave the destination string
unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c
index 6841d4192..8e1ef0849 100644
--- a/src/bin/lttng-sessiond/agent.c
+++ b/src/bin/lttng-sessiond/agent.c
@@ -353,8 +353,11 @@ static ssize_t list_events(struct agent_app *app, struct lttng_event **events)
 
 	for (i = 0; i < nb_event; i++) {
 		offset += len;
-		strncpy(tmp_events[i].name, reply->payload + offset,
-				sizeof(tmp_events[i].name));
+		if (lttng_strncpy(tmp_events[i].name, reply->payload + offset,
+				sizeof(tmp_events[i].name))) {
+			ret = LTTNG_ERR_INVALID;
+			goto error;
+		}
 		tmp_events[i].pid = app->pid;
 		tmp_events[i].enabled = -1;
 		len = strlen(reply->payload + offset) + 1;