From bb5d54e7416f8af61ac931c3b50b4df576e76731 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 16 May 2016 21:42:55 -0400 Subject: [PATCH] Fix: illegal memory access in session_create MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Found by Coverity: CID 1323138 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array session->hostname of size 64 bytes might leave the destination string unterminated. CID 1323138 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)3. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array session->session_name of size 255 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- src/bin/lttng-relayd/session.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/bin/lttng-relayd/session.c b/src/bin/lttng-relayd/session.c index d1c2098f8..9702bd220 100644 --- a/src/bin/lttng-relayd/session.c +++ b/src/bin/lttng-relayd/session.c @@ -46,11 +46,16 @@ struct relay_session *session_create(const char *session_name, PERROR("relay session zmalloc"); goto error; } - + if (lttng_strncpy(session->session_name, session_name, + sizeof(session->session_name))) { + goto error; + } + if (lttng_strncpy(session->hostname, hostname, + sizeof(session->hostname))) { + goto error; + } session->ctf_traces_ht = lttng_ht_new(0, LTTNG_HT_TYPE_STRING); if (!session->ctf_traces_ht) { - free(session); - session = NULL; goto error; } @@ -67,17 +72,15 @@ struct relay_session *session_create(const char *session_name, pthread_mutex_init(&session->reflock, NULL); pthread_mutex_init(&session->recv_list_lock, NULL); - strncpy(session->session_name, session_name, - sizeof(session->session_name)); - strncpy(session->hostname, hostname, - sizeof(session->hostname)); session->live_timer = live_timer; session->snapshot = snapshot; lttng_ht_add_unique_u64(sessions_ht, &session->session_n); + return session; error: - return session; + free(session); + return NULL; } /* Should be called with RCU read-side lock held. */ -- 2.34.1