Fix: illegal memory access in enable_event

Found by Coverity: CID 1243033 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)16. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array msg.name of size 256 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers <[email protected]> Signed-off-by: Jérémie Galarneau <[email protected]>
lttng · May 17, 2016 · bb45c03 · bb45c03
1 parent 9ac05d9
commit bb45c03
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c
@@ -408,17 +408,20 @@ static int enable_event(struct agent_app *app, struct agent_event *event)
 	}
 	data_size = sizeof(msg) + filter_expression_length;
 
-	ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0);
-	if (ret < 0) {
-		goto error_io;
-	}
-
 	memset(&msg, 0, sizeof(msg));
 	msg.loglevel_value = htobe32(event->loglevel_value);
 	msg.loglevel_type = htobe32(event->loglevel_type);
-	strncpy(msg.name, event->name, sizeof(msg.name));
+	if (lttng_strncpy(msg.name, event->name, sizeof(msg.name))) {
+		ret = LTTNG_ERR_INVALID;
+		goto error;
+	}
 	msg.filter_expression_length = htobe32(filter_expression_length);
 
+	ret = send_header(app->sock, data_size, AGENT_CMD_ENABLE, 0);
+	if (ret < 0) {
+		goto error_io;
+	}
+
 	bytes_to_send = zmalloc(data_size);
 	if (!bytes_to_send) {
 		ret = LTTNG_ERR_NOMEM;