Fix: unchecked buffer size for communication header
diff --git
a/src/common/event-rule/kprobe.c
b/src/common/event-rule/kprobe.c
index a5c93e653f08784dbb4af8997dc1d14c66ba80c9..9cc5d7c5433b0016dea8efb51675d2a70956e8fa 100644
--- a/
src/common/event-rule/kprobe.c
+++ b/
src/common/event-rule/kprobe.c
@@
-219,19
+219,15
@@
ssize_t lttng_event_rule_kprobe_create_from_payload(
goto end;
}
goto end;
}
- if (view->buffer.size < sizeof(*kprobe_comm)) {
+ current_buffer_view = lttng_buffer_view_from_view(
+ &view->buffer, offset, sizeof(*kprobe_comm));
+ if (!lttng_buffer_view_is_valid(¤t_buffer_view)) {
ERR("Failed to initialize from malformed event rule kprobe: buffer too short to contain header.");
ret = -1;
goto end;
}
ERR("Failed to initialize from malformed event rule kprobe: buffer too short to contain header.");
ret = -1;
goto end;
}
- current_buffer_view = lttng_buffer_view_from_view(
- &view->buffer, offset, sizeof(*kprobe_comm));
kprobe_comm = (typeof(kprobe_comm)) current_buffer_view.data;
kprobe_comm = (typeof(kprobe_comm)) current_buffer_view.data;
- if (!kprobe_comm) {
- ret = -1;
- goto end;
- }
rule = lttng_event_rule_kprobe_create();
if (!rule) {
rule = lttng_event_rule_kprobe_create();
if (!rule) {
@@
-251,12
+247,12
@@
ssize_t lttng_event_rule_kprobe_create_from_payload(
lttng_payload_view_from_view(view, offset,
kprobe_comm->name_len);
lttng_payload_view_from_view(view, offset,
kprobe_comm->name_len);
- name = current_payload_view.buffer.data;
- if (!name) {
+ if (!lttng_payload_view_is_valid(¤t_payload_view)) {
ret = -1;
goto end;
}
ret = -1;
goto end;
}
+ name = current_payload_view.buffer.data;
if (!lttng_buffer_view_contains_string(
¤t_payload_view.buffer, name,
kprobe_comm->name_len)) {
if (!lttng_buffer_view_contains_string(
¤t_payload_view.buffer, name,
kprobe_comm->name_len)) {
@@
-274,6
+270,11
@@
ssize_t lttng_event_rule_kprobe_create_from_payload(
lttng_payload_view_from_view(view, offset,
kprobe_comm->location_len);
lttng_payload_view_from_view(view, offset,
kprobe_comm->location_len);
+ if (!lttng_payload_view_is_valid(¤t_payload_view)) {
+ ret = -1;
+ goto end;
+ }
+
ret = lttng_kernel_probe_location_create_from_payload(
¤t_payload_view, &location);
if (ret < 0) {
ret = lttng_kernel_probe_location_create_from_payload(
¤t_payload_view, &location);
if (ret < 0) {
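Review bot: The two new `lttng_payload_view_is_valid()` checks, one on the name view and one on the location view, fail with a bare `ret = -1; goto end;`, while the header check earlier in the same function reports through `ERR(...)`. Both lengths (`kprobe_comm->name_len`, `kprobe_comm->location_len`) are read from the received payload, so a rejected message should leave a log line saying which field was too short. I would add `ERR("Failed to initialize from malformed event rule kprobe: buffer too short to contain name.");` before the first `ret = -1;` and an equivalent message for the location. It may also be worth confirming, outside these hunks, that the size returned by `lttng_kernel_probe_location_create_from_payload()` is checked against `kprobe_comm->location_len`. The body of `lttng_event_rule_kprobe_create_from_payload()` starts and ends outside the hunks shown.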