From 3a13ffd57b9d0a2eb2a56739661e23476171bee0 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 16 May 2016 21:42:56 -0400 Subject: [PATCH] Fix: illegal memory access in relayd_create_session_2_4 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Found by Coverity: CID 1243024 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)2. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array msg.session_name of size 255 bytes might leave the destination string unterminated. CID 1243024 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array msg.hostname of size 64 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- src/common/relayd/relayd.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/common/relayd/relayd.c b/src/common/relayd/relayd.c index acf6c38e7..9e9525503 100644 --- a/src/common/relayd/relayd.c +++ b/src/common/relayd/relayd.c @@ -129,16 +129,15 @@ static int relayd_create_session_2_4(struct lttcomm_relayd_sock *rsock, int ret; struct lttcomm_relayd_create_session_2_4 msg; - if (strlen(session_name) >= sizeof(msg.session_name)) { + if (lttng_strncpy(msg.session_name, session_name, + sizeof(msg.session_name))) { ret = -1; goto error; } - strncpy(msg.session_name, session_name, sizeof(msg.session_name)); - if (strlen(hostname) >= sizeof(msg.hostname)) { + if (lttng_strncpy(msg.hostname, hostname, sizeof(msg.hostname))) { ret = -1; goto error; } - strncpy(msg.hostname, hostname, sizeof(msg.hostname)); msg.live_timer = htobe32(session_live_timer); msg.snapshot = htobe32(snapshot); -- 2.34.1