From 6ce228753245961753ae3c81bfb7268433b712b4 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Mon, 16 May 2016 21:42:47 -0400
Subject: [PATCH] Fix: illegal memory access in cmd_snapshot_list_outputs
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Found by Coverity:

CID 1243031 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)22. buffer_size_warning: Calling strncpy with a
maximum size argument of 4096 bytes on destination array (list +
idx).ctrl_url of size 4096 bytes might leave the destination string
unterminated.

CID 1243031 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)26. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array (list +
idx).name of size 255 bytes might leave the destination string
unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: JÃ©rÃ©mie Galarneau <jeremie.galarneau@efficios.com>
---
 src/bin/lttng-sessiond/cmd.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index 1327e42e4..201cbd183 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -3356,10 +3356,18 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
 		assert(output->consumer);
 		list[idx].id = output->id;
 		list[idx].max_size = output->max_size;
-		strncpy(list[idx].name, output->name, sizeof(list[idx].name));
+		if (lttng_strncpy(list[idx].name, output->name,
+				sizeof(list[idx].name))) {
+			ret = -LTTNG_ERR_INVALID;
+			goto error;
+		}
 		if (output->consumer->type == CONSUMER_DST_LOCAL) {
-			strncpy(list[idx].ctrl_url, output->consumer->dst.trace_path,
-					sizeof(list[idx].ctrl_url));
+			if (lttng_strncpy(list[idx].ctrl_url,
+					output->consumer->dst.trace_path,
+					sizeof(list[idx].ctrl_url))) {
+				ret = -LTTNG_ERR_INVALID;
+				goto error;
+			}
 		} else {
 			/* Control URI. */
 			ret = uri_to_str_url(&output->consumer->dst.net.control,
-- 
2.34.1