From: Mathieu Desnoyers Date: Tue, 17 May 2016 01:42:58 +0000 (-0400) Subject: Fix: illegal memory access in viewer_list_sessions X-Git-Tag: v2.9.0-rc1~215 X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=bfc3fb17b18dffde4b19c51c002d0112eca06f70 Fix: illegal memory access in viewer_list_sessions Found by Coverity: CID 1243025 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array send_session->hostname of size 64 bytes might leave the destination string unterminated. CID 1243025 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array send_session->session_name of size 255 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- diff --git a/src/bin/lttng-relayd/live.c b/src/bin/lttng-relayd/live.c index a9f4f648b..f87e4baf0 100644 --- a/src/bin/lttng-relayd/live.c +++ b/src/bin/lttng-relayd/live.c @@ -831,10 +831,19 @@ int viewer_list_sessions(struct relay_connection *conn) buf_count = new_buf_count; } send_session = &send_session_buf[count]; - strncpy(send_session->session_name, session->session_name, - sizeof(send_session->session_name)); - strncpy(send_session->hostname, session->hostname, - sizeof(send_session->hostname)); + if (lttng_strncpy(send_session->session_name, + session->session_name, + sizeof(send_session->session_name))) { + ret = -1; + rcu_read_unlock(); + goto end_free; + } + if (lttng_strncpy(send_session->hostname, session->hostname, + sizeof(send_session->hostname))) { + ret = -1; + rcu_read_unlock(); + goto end_free; + } send_session->id = htobe64(session->id); send_session->live_timer = htobe32(session->live_timer); if (session->viewer_attached) {