From 53a5c2099f5552403166f069e6642dc9e083bb7f Mon Sep 17 00:00:00 2001 From: Francis Deslauriers Date: Fri, 28 May 2021 16:06:09 -0400 Subject: [PATCH] Fix: appending unallocated data from beyond exclusion entries MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Issue ===== If an exclusion string is smaller than the `LTTNG_SYMBOL_NAME_LEN` integer, the `lttng_dynamic_buffer_append()` call will append unallocated data to the buffer. Fix === Use the `exclusion_len` value to copy the actual exclusion and pad the remaining bytes with zeros. Signed-off-by: Francis Deslauriers Signed-off-by: Simon Marchi Signed-off-by: Jérémie Galarneau Change-Id: I04c6681c28e82de29791541eb490158db9e503d0 --- src/lib/lttng-ctl/lttng-ctl.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/lib/lttng-ctl/lttng-ctl.c b/src/lib/lttng-ctl/lttng-ctl.c index d9805e222..7ad1fe132 100644 --- a/src/lib/lttng-ctl/lttng-ctl.c +++ b/src/lib/lttng-ctl/lttng-ctl.c @@ -1204,7 +1204,7 @@ int lttng_enable_event_with_exclusions(struct lttng_handle *handle, for (i = 0; i < exclusion_count; i++) { size_t exclusion_len; - exclusion_len = lttng_strnlen(*(exclusion_list + i), + exclusion_len = lttng_strnlen(exclusion_list[i], LTTNG_SYMBOL_NAME_LEN); if (exclusion_len == LTTNG_SYMBOL_NAME_LEN) { /* Exclusion is not NULL-terminated. */ @@ -1213,7 +1213,17 @@ int lttng_enable_event_with_exclusions(struct lttng_handle *handle, } ret = lttng_dynamic_buffer_append(&payload.buffer, - *(exclusion_list + i), LTTNG_SYMBOL_NAME_LEN); + exclusion_list[i], exclusion_len); + if (ret) { + goto mem_error; + } + + /* + * Padding the rest of the entry with zeros. Every exclusion + * entries take LTTNG_SYMBOL_NAME_LEN bytes in the buffer. + */ + ret = lttng_dynamic_buffer_set_size(&payload.buffer, + LTTNG_SYMBOL_NAME_LEN * (i + 1)); if (ret) { goto mem_error; } -- 2.34.1