From bb45c03e2f9a46d9baf4ab7b93f57cd8f259f3d5 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 16 May 2016 21:42:44 -0400 Subject: [PATCH] Fix: illegal memory access in enable_event MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Found by Coverity: CID 1243033 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)16. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array msg.name of size 256 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- src/bin/lttng-sessiond/agent.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c index ced0f85cf..f79ac00e6 100644 --- a/src/bin/lttng-sessiond/agent.c +++ b/src/bin/lttng-sessiond/agent.c @@ -408,17 +408,20 @@ static int enable_event(struct agent_app *app, struct agent_event *event) } data_size = sizeof(msg) + filter_expression_length; - ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0); - if (ret < 0) { - goto error_io; - } - memset(&msg, 0, sizeof(msg)); msg.loglevel_value = htobe32(event->loglevel_value); msg.loglevel_type = htobe32(event->loglevel_type); - strncpy(msg.name, event->name, sizeof(msg.name)); + if (lttng_strncpy(msg.name, event->name, sizeof(msg.name))) { + ret = LTTNG_ERR_INVALID; + goto error; + } msg.filter_expression_length = htobe32(filter_expression_length); + ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0); + if (ret < 0) { + goto error_io; + } + bytes_to_send = zmalloc(data_size); if (!bytes_to_send) { ret = LTTNG_ERR_NOMEM; -- 2.34.1