projects / lttng-tools.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fca9bc1) | patch
Fix: forbid session name creation if contains /
authorDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 19:45:08 +0000 (14:45 -0500)
committerDavid Goulet <dgoulet@efficios.com>
Tue, 25 Feb 2014 20:34:05 +0000 (15:34 -0500)
commit0841762cf475e71336a4f8df1b9a468e3a606dde
tree90175dd9f3f0b4bbe1a19df6388113f88b0b4ca4tree | snapshot
parentfca9bc1d05dce4f88721738be5c0aacc67eda8d0commit | diff
Fix: forbid session name creation if contains /

This adds a validation function for session name which for now denies
any session name containing '/'.

This is in response of bug #721 that actually uses a path as a session
name such as "test/../session1" which would then be concatenated to the
session path adding a relative path to it making this a serious security
issue.

Because of this issue, this is backported from master up to stable-2.3.

Fixes #721

Signed-off-by: David Goulet <dgoulet@efficios.com>
doc/man/lttng.1 diff | blob | blame | history
include/lttng/lttng-error.h diff | blob | blame | history
src/bin/lttng-sessiond/session.c diff | blob | blame | history
src/common/error.c diff | blob | blame | history
LTTng 2.0 tools and control repository
This page took 0.025442 seconds and 4 git commands to generate.