From: Jérémie Galarneau Date: Mon, 23 Sep 2019 18:46:42 +0000 (-0400) Subject: relayd: clean-up: mix-up between LTTNG_PATH_MAX and LTTNG_NAME_MAX X-Git-Tag: v2.12.0-rc1~357 X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=da4f23eeb6dd852ec59bcc679312669876616281 relayd: clean-up: mix-up between LTTNG_PATH_MAX and LTTNG_NAME_MAX LTTNG_PATH_MAX and LTTNG_NAME_MAX are mixed up in cmd_create_session_2_4(). While Coverity warns of a possible buffer overrun, this is not possible since the length of the received buffer is correctly checked against LTTNG_NAME_MAX. Change the use of LTTNG_PATH_MAX for LTTNG_NAME_MAX even though strcpy() could be used safely here. 1405634 Out-of-bounds access Access of memory not owned by this buffer may cause crashes or incorrect computations. In relay_create_session: Out-of-bounds access to a buffer (CWE-119) Reported-by: Coverity Scan Signed-off-by: Jérémie Galarneau --- diff --git a/src/bin/lttng-relayd/cmd-2-4.c b/src/bin/lttng-relayd/cmd-2-4.c index ac6e04258..e20a838da 100644 --- a/src/bin/lttng-relayd/cmd-2-4.c +++ b/src/bin/lttng-relayd/cmd-2-4.c @@ -53,7 +53,7 @@ int cmd_create_session_2_4(const struct lttng_buffer_view *payload, ERR("Session name too long"); goto error; } - strncpy(session_name, session_info.session_name, LTTNG_PATH_MAX); + strncpy(session_name, session_info.session_name, LTTNG_NAME_MAX); len = lttng_strnlen(session_info.hostname, sizeof(session_info.hostname)); if (len == sizeof(session_info.hostname) || len >= LTTNG_HOST_NAME_MAX) {