/*
- * Copyright (C) 2018 - Jonathan Rajotte <jonathan.rajotte-julien@efficios.com>
+ * Copyright (C) 2018 Jonathan Rajotte <jonathan.rajotte-julien@efficios.com>
*
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License, version 2 only, as
- * published by the Free Software Foundation.
+ * SPDX-License-Identifier: GPL-2.0-only
*
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#define _LGPL_SOURCE
ret = -ENAMETOOLONG;
ERR("Length of session name (%" PRIu32 " bytes) received in create_session command exceeds maximum length (%d bytes)", header.session_name_len, LTTNG_NAME_MAX);
goto error;
+ } else if (header.session_name_len == 0) {
+ ret = -EINVAL;
+ ERR("Illegal session name length of 0 received");
+ goto error;
}
if (header.hostname_len > LTTNG_HOST_NAME_MAX) {
ret = -ENAMETOOLONG;
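Review bot: Only `session_name_len` gets an explicit zero-length rejection here; `hostname_len` is compared with `LTTNG_HOST_NAME_MAX` but never with 0. The `header.base_path_len > 0 &&` guard in the later payload hunk suggests `lttng_buffer_view_is_valid()` treats an empty view as invalid, so a zero-length hostname is presumably still rejected, but with the misleading "buffer too short to contain hostname" message and `ret = -1` rather than `-EINVAL`. A matching `else if (header.hostname_len == 0)` branch returning `-EINVAL` would keep the `size - 1` index in the NUL-termination checks from depending on how the view helper handles empty views. The same reasoning applies to `channel_name_len` and `pathname_len` in the `cmd_recv_stream_2_11` hunk. The enclosing function starts and ends outside this hunk.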
offset = header_len;
session_name_view = lttng_buffer_view_from_view(payload, offset,
header.session_name_len);
+ if (!lttng_buffer_view_is_valid(&session_name_view)) {
+ ERR("Invalid payload in \"cmd_create_session_2_11\": buffer too short to contain session name");
+ ret = -1;
+ goto error;
+ }
+
offset += header.session_name_len;
hostname_view = lttng_buffer_view_from_view(payload,
offset, header.hostname_len);
+ if (!lttng_buffer_view_is_valid(&hostname_view)) {
+ ERR("Invalid payload in \"cmd_create_session_2_11\": buffer too short to contain hostname");
+ ret = -1;
+ goto error;
+ }
+
offset += header.hostname_len;
base_path_view = lttng_buffer_view_from_view(payload,
offset, header.base_path_len);
+ if (header.base_path_len > 0 && !lttng_buffer_view_is_valid(&base_path_view)) {
+ ERR("Invalid payload in \"cmd_create_session_2_11\": buffer too short to contain base path");
+ ret = -1;
+ goto error;
+ }
/* Validate that names are NULL terminated. */
if (session_name_view.data[session_name_view.size - 1] != '\0') {
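Review bot: The base-path check skips validation when `header.base_path_len` is 0, so `base_path_view` can be left invalid. Any later code that indexes `base_path_view.data[base_path_view.size - 1]`, as the session-name check at the end of this hunk does for its own view, needs the same `header.base_path_len > 0` guard. That code is outside the hunk, so it is worth confirming. A comment on the check would record the intent, for example `/* The base path is optional: an empty view is expected when base_path_len is 0. */`. Separately, the three new short-buffer paths set `ret = -1` while the header length checks in the same function use errno-style codes; `ret = -EINVAL;` would keep the error reporting consistent.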
/* Validate that names are (NULL terminated. */
channel_name_view = lttng_buffer_view_from_view(payload, header_len,
- header.channel_name_len);
- pathname_view = lttng_buffer_view_from_view(payload,
- header_len + header.channel_name_len, header.pathname_len);
+ header.channel_name_len);
+ if (!lttng_buffer_view_is_valid(&channel_name_view)) {
+ ERR("Invalid payload received in \"cmd_recv_stream_2_11\": buffer too short for channel name");
+ ret = -1;
+ goto error;
+ }
if (channel_name_view.data[channel_name_view.size - 1] != '\0') {
ERR("cmd_recv_stream_2_11 channel_name is invalid (not NULL terminated)");
goto error;
}
+ pathname_view = lttng_buffer_view_from_view(payload,
+ header_len + header.channel_name_len, header.pathname_len);
+ if (!lttng_buffer_view_is_valid(&pathname_view)) {
+ ERR("Invalid payload received in \"cmd_recv_stream_2_11\": buffer too short for path name");
+ ret = -1;
+ goto error;
+ }
+
if (pathname_view.data[pathname_view.size - 1] != '\0') {
ERR("cmd_recv_stream_2_11 patname is invalid (not NULL terminated)");
ret = -1;