From 590f0324d6dfd382f79229a7934fa8b5b661641f Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Fri, 30 Aug 2019 18:10:56 -0400 Subject: [PATCH] Fix: validate that session, host and basepath are legal MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Ensure that session name, hostname and the session's base path do not contain dots ('.') to safeguard against malformed names that could be used to walk-up the relay daemon output path hierarchy. Signed-off-by: Jérémie Galarneau --- src/bin/lttng-relayd/session.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/bin/lttng-relayd/session.c b/src/bin/lttng-relayd/session.c index 603a80978..de059aae2 100644 --- a/src/bin/lttng-relayd/session.c +++ b/src/bin/lttng-relayd/session.c @@ -98,7 +98,23 @@ struct relay_session *session_create(const char *session_name, uint32_t minor) { int ret; - struct relay_session *session; + struct relay_session *session = NULL; + + if (session_name && strstr(session_name, ".")) { + ERR("Illegal character in session name: \"%s\"", + session_name); + goto error; + } + if (base_path && strstr(base_path, "../")) { + ERR("Invalid session base path walks up the path hierarchy: \"%s\"", + base_path); + goto error; + } + if (hostname && strstr(hostname, ".")) { + ERR("Invalid character in hostname: \"%s\"", + hostname); + goto error; + } session = zmalloc(sizeof(*session)); if (!session) { -- 2.34.1