From 38956b501df0cc3f5041c5604039c2ec2d8efa76 Mon Sep 17 00:00:00 2001
From: Philippe Proulx <eeppeliteloop@gmail.com>
Date: Thu, 27 Nov 2014 17:35:32 -0500
Subject: [PATCH] Fix: channel names are not validated
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This patch ensures:

  1. A channel name does not contain any '/' character, since
     relative paths may be injected in the channel name
     otherwise (knowing that the channel name is eventually
     part of a file name)
  2. A channel name does not start with a '.' character, since
     trace readers (Babeltrace is one of them) could interpret
     files starting with a dot as hidden files and ignore
     them when opening the CTF trace

Fixes: #751

Signed-off-by: Philippe Proulx <eeppeliteloop@gmail.com>
Signed-off-by: JÃ©rÃ©mie Galarneau <jeremie.galarneau@efficios.com>

Conflicts:
	include/lttng/lttng-error.h
	src/bin/lttng/commands/enable_channels.c
	src/common/error.c
---
 include/lttng/lttng-error.h              |  2 ++
 src/bin/lttng-sessiond/cmd.c             | 12 ++++++++++++
 src/bin/lttng/commands/enable_channels.c | 19 +++++++++++++++----
 src/common/error.c                       |  1 +
 4 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/include/lttng/lttng-error.h b/include/lttng/lttng-error.h
index e18fb00e8..9d0bd4743 100644
--- a/include/lttng/lttng-error.h
+++ b/include/lttng/lttng-error.h
@@ -132,6 +132,8 @@ enum lttng_error_code {
 	LTTNG_ERR_NO_CONSUMER            = 109, /* No consumer exist for the session */
 	LTTNG_ERR_EXCLUSION_INVAL        = 110, /* Invalid event exclusion data */
 	LTTNG_ERR_EXCLUSION_NOMEM        = 111, /* Lack of memory while processing event exclusions */
+	/* 112 */
+	LTTNG_ERR_INVALID_CHANNEL_NAME   = 113, /* Invalid channel name */
 
 	/* MUST be last element */
 	LTTNG_ERR_NR,                           /* Last element */
diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index ee205c9cb..942e770ba 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -17,6 +17,7 @@
 
 #define _GNU_SOURCE
 #include <assert.h>
+#include <string.h>
 #include <inttypes.h>
 #include <urcu/list.h>
 #include <urcu/uatomic.h>
@@ -907,11 +908,21 @@ int cmd_enable_channel(struct ltt_session *session,
 	int ret;
 	struct ltt_ust_session *usess = session->ust_session;
 	struct lttng_ht *chan_ht;
+	size_t len;
 
 	assert(session);
 	assert(attr);
 	assert(domain);
 
+	len = strnlen(attr->name, sizeof(attr->name));
+
+	/* Validate channel name */
+	if (attr->name[0] == '.' ||
+		memchr(attr->name, '/', len) != NULL) {
+		ret = LTTNG_ERR_INVALID_CHANNEL_NAME;
+		goto end;
+	}
+
 	DBG("Enabling channel %s for session %s", attr->name, session->name);
 
 	rcu_read_lock();
@@ -992,6 +1003,7 @@ int cmd_enable_channel(struct ltt_session *session,
 
 error:
 	rcu_read_unlock();
+end:
 	return ret;
 }
 
diff --git a/src/bin/lttng/commands/enable_channels.c b/src/bin/lttng/commands/enable_channels.c
index 7f25a6e91..4e5651b28 100644
--- a/src/bin/lttng/commands/enable_channels.c
+++ b/src/bin/lttng/commands/enable_channels.c
@@ -260,9 +260,16 @@ static int enable_channel(char *session_name)
 	/* Strip channel list (format: chan1,chan2,...) */
 	channel_name = strtok(opt_channels, ",");
 	while (channel_name != NULL) {
-		/* Copy channel name and normalize it */
-		strncpy(chan.name, channel_name, NAME_MAX);
-		chan.name[NAME_MAX - 1] = '\0';
+		/* Validate channel name's length */
+		if (strlen(channel_name) >= NAME_MAX) {
+			ERR("Channel name is too long (max. %zu characters)",
+					sizeof(chan.name) - 1);
+			ret = LTTNG_ERR_INVALID_CHANNEL_NAME;
+			goto error;
+		}
+
+		/* Copy channel name */
+		strcpy(chan.name, channel_name);
 
 		DBG("Enabling channel %s", channel_name);
 
@@ -275,6 +282,11 @@ static int enable_channel(char *session_name)
 				WARN("Channel %s: %s (session %s)", channel_name,
 						lttng_strerror(ret), session_name);
 				goto error;
+			case LTTNG_ERR_INVALID_CHANNEL_NAME:
+				ERR("Invalid channel name: \"%s\". "
+				    "Channel names may not start with '.', and "
+				    "may not contain '/'.", channel_name);
+				goto error;
 			default:
 				ERR("Channel %s: %s (session %s)", channel_name,
 						lttng_strerror(ret), session_name);
@@ -286,7 +298,6 @@ static int enable_channel(char *session_name)
 					get_domain_str(dom.type), channel_name, session_name);
 		}
 
-		/* Next event */
 		channel_name = strtok(NULL, ",");
 	}
 
diff --git a/src/common/error.c b/src/common/error.c
index fc17eba0b..1d76697a1 100644
--- a/src/common/error.c
+++ b/src/common/error.c
@@ -161,6 +161,7 @@ static const char *error_string_array[] = {
 	[ ERROR_INDEX(LTTNG_ERR_LOAD_IO_FAIL) ] = "IO error while reading a session configuration",
 	[ ERROR_INDEX(LTTNG_ERR_LOAD_SESSION_NOENT) ] = "Session file not found",
 	[ ERROR_INDEX(LTTNG_ERR_MAX_SIZE_INVALID) ] = "Snapshot max size is invalid",
+	[ ERROR_INDEX(LTTNG_ERR_INVALID_CHANNEL_NAME) ] = "Invalid channel name",
 
 	/* Last element */
 	[ ERROR_INDEX(LTTNG_ERR_NR) ] = "Unknown error code"
-- 
2.34.1