From 129d59f5a8860d15bef3ed5a59c88e13912a5367 Mon Sep 17 00:00:00 2001
From: Jonathan Rajotte
Date: Tue, 1 Mar 2022 09:52:21 -0500
Subject: [PATCH] Fix: lttng-sessiond: event_context might leak
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

If the parsing completed but is not the expected size, the *out_event_context object leaks. Reported by Coverity: CID 1475821 (#1 of 1): Resource leak (RESOURCE_LEAK) Variable event_context going out of scope leaks the storage it points to.
Change-Id: I8198f7f3f1e1af3dcb377d89674402ec49cb788b
Signed-off-by: Jonathan Rajotte
Signed-off-by: Jérémie Galarneau
---
 src/bin/lttng-sessiond/client.cpp | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/bin/lttng-sessiond/client.cpp b/src/bin/lttng-sessiond/client.cpp
index f28037dcb..69a6497ee 100644
--- a/src/bin/lttng-sessiond/client.cpp
+++ b/src/bin/lttng-sessiond/client.cpp
@@ -842,6 +842,7 @@ static enum lttng_error_code receive_lttng_event_context(
 ssize_t sock_recv_len;
 enum lttng_error_code ret_code;
 struct lttng_payload event_context_payload;
+ struct lttng_event_context *context = NULL;
 lttng_payload_init(&event_context_payload);
@@ -864,22 +865,33 @@ static enum lttng_error_code receive_lttng_event_context(
 /* Deserialize event. */
 {
+ ssize_t len;
 struct lttng_payload_view event_context_view = lttng_payload_view_from_payload( &event_context_payload, 0, -1);
- if (lttng_event_context_create_from_payload(
- &event_context_view, out_event_context) !=
- event_context_len) {
- ERR("Invalid event context received as part of command payload");
+ len = lttng_event_context_create_from_payload(
+ &event_context_view, &context);
+
+ if (len < 0) {
+ ERR("Failed to create a event context from the received buffer");
+ ret_code = LTTNG_ERR_INVALID_PROTOCOL;
+ goto end;
+ }
+
+ if (len != event_context_len) {
+ ERR("Event context from the received buffer is not the advertised length: expected length = %zu, payload length = %zd", event_context_len, len);
 ret_code = LTTNG_ERR_INVALID_PROTOCOL;
 goto end;
 }
 }
+ *out_event_context = context;
+ context = NULL;
 ret_code = LTTNG_OK;
 end:
+ lttng_event_context_destroy(context);
 lttng_payload_reset(&event_context_payload);
 return ret_code;
 }
@@ -1353,7 +1365,7 @@ skip_domain:
 switch (cmd_ctx->lsm.cmd_type) {
 case LTTNG_ADD_CONTEXT:
 {
- struct lttng_event_context *event_context;
+ struct lttng_event_context *event_context = NULL;
 const enum lttng_error_code ret_code = receive_lttng_event_context( cmd_ctx, *sock, sock_error, &event_context);
--
2.34.1
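Review bot: The new length check `if (len != event_context_len)` compares an `ssize_t` with what the `%zu` in the log format suggests is a `size_t`, so it is only correct because the `len < 0` guard happens to run first. Since this validates the size of a payload received over the client socket, I would make the conversion explicit with `if ((size_t) len != event_context_len) {`, which also keeps -Wsign-compare quiet. The hand-off `*out_event_context = context; context = NULL;` deserves a short comment such as `/* Ownership moves to the caller; the destroy at end: becomes a no-op. */`, because the unconditional `lttng_event_context_destroy(context)` under `end:` is safe only through that reset. The first new log string reads "a event context" and should be "an event context". The function body starts outside this hunk, so the earlier receive path was not reviewed.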
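Review bot: The `= NULL` initialiser on `event_context` in the `LTTNG_ADD_CONTEXT` case encodes a contract that is not written down in the visible lines. In the part of receive_lttng_event_context() shown by this patch, `*out_event_context` is assigned only just before `ret_code = LTTNG_OK`, so on failure the caller's pointer keeps its initial value. A comment above the declaration, e.g. `/* Stays NULL unless receive_lttng_event_context() returns LTTNG_OK. */`, would stop a later cleanup from depending on this by accident. The rest of the case body is outside the hunk, so whether it destroys `event_context` on the error path cannot be confirmed from here.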