From a7c918ad2aefd0c540b0aa4aacace40941d94643 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Mon, 16 May 2016 21:42:57 -0400
Subject: [PATCH] Fix: illegal memory access in relayd_add_stream
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Found by Coverity: CID 1243017 (#1 of 4): Buffer not null terminated (BUFFER_SIZE_WARNING)14. buffer_size_warning: Calling strncpy with a maximum size argument of 264 bytes on destination array msg.channel_name of size 264 bytes might leave the destination string unterminated. ID 1243017 (#2 of 4): Buffer not null terminated (BUFFER_SIZE_WARNING)14. buffer_size_warning: Calling strncpy with a maximum size argument of 264 bytes on destination array msg_2_2.channel_name of size 264 bytes might leave the destination string unterminated. CID 1243017 (#3 of 4): Buffer not null terminated (BUFFER_SIZE_WARNING)15. buffer_size_warning: Calling strncpy with a maximum size argument of 4096 bytes on destination array msg.pathname of size 4096 bytes might leave the destination string unterminated. CID 1243017 (#4 of 4): Buffer not null terminated (BUFFER_SIZE_WARNING)15. buffer_size_warning: Calling strncpy with a maximum size argument of 4096 bytes on destination array msg_2_2.pathname of size 4096 bytes might leave the destination string unterminated.
Signed-off-by: Mathieu Desnoyers
Signed-off-by: Jérémie Galarneau
---
 src/common/relayd/relayd.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/common/relayd/relayd.c b/src/common/relayd/relayd.c
index 9e9525503..7f0ea74e9 100644
--- a/src/common/relayd/relayd.c
+++ b/src/common/relayd/relayd.c
@@ -254,16 +254,16 @@ int relayd_add_stream(struct lttcomm_relayd_sock *rsock, const char *channel_nam
 /* Compat with relayd 2.1 */
 if (rsock->minor == 1) {
 memset(&msg, 0, sizeof(msg));
- if (strlen(channel_name) >= sizeof(msg.channel_name)) {
+ if (lttng_strncpy(msg.channel_name, channel_name,
+ sizeof(msg.channel_name))) {
 ret = -1;
 goto error;
 }
- strncpy(msg.channel_name, channel_name, sizeof(msg.channel_name));
- if (strlen(pathname) >= sizeof(msg.pathname)) {
+ if (lttng_strncpy(msg.pathname, pathname,
+ sizeof(msg.pathname))) {
 ret = -1;
 goto error;
 }
- strncpy(msg.pathname, pathname, sizeof(msg.pathname));
 /* Send command */
 ret = send_command(rsock, RELAYD_ADD_STREAM, (void *) &msg, sizeof(msg), 0);
@@ -273,16 +273,16 @@ int relayd_add_stream(struct lttcomm_relayd_sock *rsock, const char *channel_nam
 } else {
 memset(&msg_2_2, 0, sizeof(msg_2_2));
 /* Compat with relayd 2.2+ */
- if (strlen(channel_name) >= sizeof(msg_2_2.channel_name)) {
+ if (lttng_strncpy(msg_2_2.channel_name, channel_name,
+ sizeof(msg_2_2.channel_name))) {
 ret = -1;
 goto error;
 }
- strncpy(msg_2_2.channel_name, channel_name, sizeof(msg_2_2.channel_name));
- if (strlen(pathname) >= sizeof(msg_2_2.pathname)) {
+ if (lttng_strncpy(msg_2_2.pathname, pathname,
+ sizeof(msg_2_2.pathname))) {
 ret = -1;
 goto error;
 }
- strncpy(msg_2_2.pathname, pathname, sizeof(msg_2_2.pathname));
 msg_2_2.tracefile_size = htobe64(tracefile_size);
 msg_2_2.tracefile_count = htobe64(tracefile_count);
--
2.34.1
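Review bot: Both failure branches in the relayd 2.1 path set `ret = -1` and jump to `error` without saying which input was rejected, so an over-long channel_name and an over-long pathname look identical to whoever reads the logs. A message before each `ret = -1;`, for example `ERR("Channel name too long for relayd add_stream command");` and the pathname equivalent, would make the rejection diagnosable without echoing the rejected string itself. The two checks in the 2.2+ branch (second hunk) have the same gap. This assumes the project's ERR() logging macro is in scope in this file, which the hunk does not show; relayd_add_stream starts and ends outside the hunk.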
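Review bot: The `memset(&msg_2_2, 0, sizeof(msg_2_2));` above the new copies deserves a comment now that strncpy is gone: strncpy zero-filled the remainder of each fixed-size field, while whether lttng_strncpy does the same is not visible in this diff. The struct appears to be sent whole (the first hunk passes `&msg, sizeof(msg)` to send_command), so the memset is what keeps unused buffer tails and padding from carrying stack contents to the relay daemon. Something like `/* Zero the whole message: it goes on the wire as raw bytes, so unused tails and padding must not leak stack data. */` on both memset calls would stop a later cleanup from removing them as redundant. The send of the 2.2+ message is outside this hunk.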