From bfc3fb17b18dffde4b19c51c002d0112eca06f70 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 16 May 2016 21:42:58 -0400 Subject: [PATCH] Fix: illegal memory access in viewer_list_sessions MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Found by Coverity: CID 1243025 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array send_session->hostname of size 64 bytes might leave the destination string unterminated. CID 1243025 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)17. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array send_session->session_name of size 255 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- src/bin/lttng-relayd/live.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/bin/lttng-relayd/live.c b/src/bin/lttng-relayd/live.c index a9f4f648b..f87e4baf0 100644 --- a/src/bin/lttng-relayd/live.c +++ b/src/bin/lttng-relayd/live.c @@ -831,10 +831,19 @@ int viewer_list_sessions(struct relay_connection *conn) buf_count = new_buf_count; } send_session = &send_session_buf[count]; - strncpy(send_session->session_name, session->session_name, - sizeof(send_session->session_name)); - strncpy(send_session->hostname, session->hostname, - sizeof(send_session->hostname)); + if (lttng_strncpy(send_session->session_name, + session->session_name, + sizeof(send_session->session_name))) { + ret = -1; + rcu_read_unlock(); + goto end_free; + } + if (lttng_strncpy(send_session->hostname, session->hostname, + sizeof(send_session->hostname))) { + ret = -1; + rcu_read_unlock(); + goto end_free; + } send_session->id = htobe64(session->id); send_session->live_timer = htobe32(session->live_timer); if (session->viewer_attached) { -- 2.34.1