From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Tue, 17 May 2016 01:42:56 +0000 (-0400)
Subject: Fix: illegal memory access in relayd_create_session_2_4
X-Git-Tag: v2.9.0-rc1~217
X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=3a13ffd57b9d0a2eb2a56739661e23476171bee0;hp=bb5d54e7416f8af61ac931c3b50b4df576e76731

Fix: illegal memory access in relayd_create_session_2_4

Found by Coverity:
CID 1243024 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)2. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array msg.session_name
of size 255 bytes might leave the destination string unterminated.

CID 1243024 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a
maximum size argument of 64 bytes on destination array msg.hostname of
size 64 bytes might leave the destination string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/common/relayd/relayd.c b/src/common/relayd/relayd.c
index acf6c38e7..9e9525503 100644
--- a/src/common/relayd/relayd.c
+++ b/src/common/relayd/relayd.c
@@ -129,16 +129,15 @@ static int relayd_create_session_2_4(struct lttcomm_relayd_sock *rsock,
 	int ret;
 	struct lttcomm_relayd_create_session_2_4 msg;
 
-	if (strlen(session_name) >= sizeof(msg.session_name)) {
+	if (lttng_strncpy(msg.session_name, session_name,
+			sizeof(msg.session_name))) {
 		ret = -1;
 		goto error;
 	}
-	strncpy(msg.session_name, session_name, sizeof(msg.session_name));
-	if (strlen(hostname) >= sizeof(msg.hostname)) {
+	if (lttng_strncpy(msg.hostname, hostname, sizeof(msg.hostname))) {
 		ret = -1;
 		goto error;
 	}
-	strncpy(msg.hostname, hostname, sizeof(msg.hostname));
 	msg.live_timer = htobe32(session_live_timer);
 	msg.snapshot = htobe32(snapshot);