From 04c172535ceed44c9dc8d40428a6247bef97ea28 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 16 May 2016 21:42:41 -0400 Subject: [PATCH] Fix: illegal memory access in _cmd_enable_event MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Found by Coverity: CID 1321742 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)21. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array attr->name of size 256 bytes might leave the destination string unterminated. CID 1321742 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)22. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array attr->name of size 256 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- src/bin/lttng-sessiond/cmd.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c index 16d8ba25d..b72b09198 100644 --- a/src/bin/lttng-sessiond/cmd.c +++ b/src/bin/lttng-sessiond/cmd.c @@ -1853,7 +1853,12 @@ static int _cmd_enable_event(struct ltt_session *session, ret = LTTNG_ERR_FATAL; goto error; } - strncpy(attr->name, channel_name, sizeof(attr->name)); + if (lttng_strncpy(attr->name, channel_name, + sizeof(attr->name))) { + ret = LTTNG_ERR_INVALID; + free(attr); + goto error; + } ret = cmd_enable_channel(session, domain, attr, wpipe); if (ret != LTTNG_OK) { @@ -1990,7 +1995,12 @@ static int _cmd_enable_event(struct ltt_session *session, ret = LTTNG_ERR_FATAL; goto error; } - strncpy(attr->name, channel_name, sizeof(attr->name)); + if (lttng_strncpy(attr->name, channel_name, + sizeof(attr->name))) { + ret = LTTNG_ERR_INVALID; + free(attr); + goto error; + } ret = cmd_enable_channel(session, domain, attr, wpipe); if (ret != LTTNG_OK) { -- 2.34.1