From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Tue, 17 May 2016 01:42:45 +0000 (-0400)
Subject: Fix: illegal memory access in disable_event
X-Git-Tag: v2.9.0-rc1~228
X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=63be730acb117ad7192598551627dede8410af67

Fix: illegal memory access in disable_event

Found by Coverity:
CID 1243016 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)14. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array msg.name of size
256 bytes might leave the destination string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c
index f79ac00e6..6841d4192 100644
--- a/src/bin/lttng-sessiond/agent.c
+++ b/src/bin/lttng-sessiond/agent.c
@@ -594,14 +594,17 @@ static int disable_event(struct agent_app *app, struct agent_event *event)
 			app->pid, app->sock->fd);
 
 	data_size = sizeof(msg);
+	memset(&msg, 0, sizeof(msg));
+	if (lttng_strncpy(msg.name, event->name, sizeof(msg.name))) {
+		ret = LTTNG_ERR_INVALID;
+		goto error;
+	}
 
 	ret = send_header(app->sock, data_size, AGENT_CMD_DISABLE, 0);
 	if (ret < 0) {
 		goto error_io;
 	}
 
-	memset(&msg, 0, sizeof(msg));
-	strncpy(msg.name, event->name, sizeof(msg.name));
 	ret = send_payload(app->sock, &msg, sizeof(msg));
 	if (ret < 0) {
 		goto error_io;