Fix: illegal memory access in _cmd_enable_event

Found by Coverity: CID 1321742 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)21. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array attr->name of size 256 bytes might leave the destination string unterminated. CID 1321742 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)22. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array attr->name of size 256 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers <[email protected]> Signed-off-by: Jérémie Galarneau <[email protected]>
lttng · May 17, 2016 · 04c1725 · 04c1725
1 parent f6835b8
commit 04c1725
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
@@ -1853,7 +1853,12 @@ static int _cmd_enable_event(struct ltt_session *session,
 				ret = LTTNG_ERR_FATAL;
 				goto error;
 			}
-			strncpy(attr->name, channel_name, sizeof(attr->name));
+			if (lttng_strncpy(attr->name, channel_name,
+					sizeof(attr->name))) {
+				ret = LTTNG_ERR_INVALID;
+				free(attr);
+				goto error;
+			}
 
 			ret = cmd_enable_channel(session, domain, attr, wpipe);
 			if (ret != LTTNG_OK) {
@@ -1990,7 +1995,12 @@ static int _cmd_enable_event(struct ltt_session *session,
 				ret = LTTNG_ERR_FATAL;
 				goto error;
 			}
-			strncpy(attr->name, channel_name, sizeof(attr->name));
+			if (lttng_strncpy(attr->name, channel_name,
+					sizeof(attr->name))) {
+				ret = LTTNG_ERR_INVALID;
+				free(attr);
+				goto error;
+			}
 
 			ret = cmd_enable_channel(session, domain, attr, wpipe);
 			if (ret != LTTNG_OK) {