Fix: illegal memory access in send_viewer_streams

Found by Coverity: CID 1243037 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)18. buffer_size_warning: Calling strncpy with a maximum size argument of 4096 bytes on destination array send_stream.path_name of size 4096 bytes might leave the destination string unterminated. CID 1243037 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)18. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array send_stream.channel_name of size 255 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers <[email protected]> Signed-off-by: Jérémie Galarneau <[email protected]>
lttng · May 17, 2016 · f8f011f · f8f011f
1 parent 5f10c6b
commit f8f011f
Showing 1 changed file with 15 additions and 4 deletions.
diff --git a/src/bin/lttng-relayd/live.c b/src/bin/lttng-relayd/live.c
@@ -230,10 +230,21 @@ ssize_t send_viewer_streams(struct lttcomm_sock *sock,
 		send_stream.ctf_trace_id = htobe64(ctf_trace->id);
 		send_stream.metadata_flag = htobe32(
 				vstream->stream->is_metadata);
-		strncpy(send_stream.path_name, vstream->path_name,
-				sizeof(send_stream.path_name));
-		strncpy(send_stream.channel_name, vstream->channel_name,
-				sizeof(send_stream.channel_name));
+		if (lttng_strncpy(send_stream.path_name, vstream->path_name,
+				sizeof(send_stream.path_name))) {
+			pthread_mutex_unlock(&vstream->stream->lock);
+			viewer_stream_put(vstream);
+			ret = -1;	/* Error. */
+			goto end_unlock;
+		}
+		if (lttng_strncpy(send_stream.channel_name,
+				vstream->channel_name,
+				sizeof(send_stream.channel_name))) {
+			pthread_mutex_unlock(&vstream->stream->lock);
+			viewer_stream_put(vstream);
+			ret = -1;	/* Error. */
+			goto end_unlock;
+		}
 
 		DBG("Sending stream %" PRIu64 " to viewer",
 				vstream->stream->stream_handle);