From 1de8c2e79eec9c661c1438df10ccc6aae4f92118 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Mon, 16 May 2016 21:42:45 -0400
Subject: [PATCH] Fix: illegal memory access in disable_event
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Found by Coverity: CID 1243016 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)14. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array msg.name of size 256 bytes might leave the destination string unterminated.
Signed-off-by: Mathieu Desnoyers
Signed-off-by: Jérémie Galarneau
---
 src/bin/lttng-sessiond/agent.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c
index 229647b10..c9e056928 100644
--- a/src/bin/lttng-sessiond/agent.c
+++ b/src/bin/lttng-sessiond/agent.c
@@ -403,14 +403,17 @@ static int disable_event(struct agent_app *app, struct agent_event *event)
 app->pid, app->sock->fd);
 data_size = sizeof(msg);
+ memset(&msg, 0, sizeof(msg));
+ if (lttng_strncpy(msg.name, event->name, sizeof(msg.name))) {
+ ret = LTTNG_ERR_INVALID;
+ goto error;
+ }
 ret = send_header(app->sock, data_size, AGENT_CMD_DISABLE, 0);
 if (ret < 0) {
 goto error_io;
 }
- memset(&msg, 0, sizeof(msg));
- strncpy(msg.name, event->name, sizeof(msg.name));
 ret = send_payload(app->sock, &msg, sizeof(msg));
 if (ret < 0) {
 goto error_io;
--
2.34.1
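Review bot: The reason the name copy now sits ahead of `send_header()` is not recorded, and the ordering matters: the new failure path jumps to `error` rather than `error_io`, so it only stays clean if nothing has been written to the socket yet. I would add a comment above the `memset`, for example `/* Validate and copy the name before any socket write: a name that does not fit must fail without a partial command on the wire. */`. The rejection is also silent in the visible lines; a log line naming the event and `sizeof(msg.name)` would make an `LTTNG_ERR_INVALID` returned from here diagnosable. If other command senders in this file fill a fixed-size name field with plain `strncpy`, they presumably carry the same unterminated-string risk and deserve the same check (not visible in this hunk). `disable_event` starts and ends outside the hunk, so what the `error` label does with `ret` is assumed rather than verified.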