Fix: illegal memory access in cmd_snapshot_record
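diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index ffc6e739f8f4faf41728936eeba06aaf29bd6f7c..9cd1920738cec1809b7999bf455211cd1bda5e16 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -508,12 +508,15 @@ static int add_uri_to_consumer(struct consumer_output *consumer,
 DBG2("Setting trace directory path from URI to %s", uri->dst.path);
 memset(consumer->dst.trace_path, 0,
 sizeof(consumer->dst.trace_path));
- strncpy(consumer->dst.trace_path, uri->dst.path,
- sizeof(consumer->dst.trace_path));
+ /* Explicit length checks for strcpy and strcat. */
+ if (strlen(uri->dst.path) + strlen(default_trace_dir)
+ >= sizeof(consumer->dst.trace_path)) {
+ ret = LTTNG_ERR_FATAL;
+ goto error;
+ }
+ strcpy(consumer->dst.trace_path, uri->dst.path);
 /* Append default trace dir */
- strncat(consumer->dst.trace_path, default_trace_dir,
- sizeof(consumer->dst.trace_path) -
- strlen(consumer->dst.trace_path) - 1);
+ strcat(consumer->dst.trace_path, default_trace_dir);
 /* Flag consumer as local. */
 consumer->type = CONSUMER_DST_LOCAL;
 break;
@@ -1543,7 +1546,12 @@ static int _cmd_enable_event(struct ltt_session *session,
 ret = LTTNG_ERR_FATAL;
 goto error;
 }
- strncpy(attr->name, channel_name, sizeof(attr->name));
+ if (lttng_strncpy(attr->name, channel_name,
+ sizeof(attr->name))) {
+ ret = LTTNG_ERR_INVALID;
+ free(attr);
+ goto error;
+ }
 ret = cmd_enable_channel(session, domain, attr, wpipe);
 if (ret != LTTNG_OK) {
@@ -1680,7 +1688,12 @@ static int _cmd_enable_event(struct ltt_session *session,
 ret = LTTNG_ERR_FATAL;
 goto error;
 }
- strncpy(attr->name, channel_name, sizeof(attr->name));
+ if (lttng_strncpy(attr->name, channel_name,
+ sizeof(attr->name))) {
+ ret = LTTNG_ERR_INVALID;
+ free(attr);
+ goto error;
+ }
 ret = cmd_enable_channel(session, domain, attr, wpipe);
 if (ret != LTTNG_OK) {
@@ -3027,10 +3040,18 @@ ssize_t cmd_snapshot_list_outputs(struct ltt_session *session,
 assert(output->consumer);
 list[idx].id = output->id;
 list[idx].max_size = output->max_size;
- strncpy(list[idx].name, output->name, sizeof(list[idx].name));
+ if (lttng_strncpy(list[idx].name, output->name,
+ sizeof(list[idx].name))) {
+ ret = -LTTNG_ERR_INVALID;
+ goto error;
+ }
 if (output->consumer->type == CONSUMER_DST_LOCAL) {
- strncpy(list[idx].ctrl_url, output->consumer->dst.trace_path,
- sizeof(list[idx].ctrl_url));
+ if (lttng_strncpy(list[idx].ctrl_url,
+ output->consumer->dst.trace_path,
+ sizeof(list[idx].ctrl_url))) {
+ ret = -LTTNG_ERR_INVALID;
+ goto error;
+ }
 } else {
 /* Control URI. */
 ret = uri_to_str_url(&output->consumer->dst.net.control,
@@ -3121,13 +3142,6 @@ static int record_kernel_snapshot(struct ltt_kernel_session *ksess,
 assert(output);
 assert(session);
- /* Get the datetime for the snapshot output directory. */
- ret = utils_get_current_time_str("%Y%m%d-%H%M%S", output->datetime,
- sizeof(output->datetime));
- if (!ret) {
- ret = LTTNG_ERR_INVALID;
- goto error;
- }
 /*
 * Copy kernel session sockets so we can communicate with the right
@@ -3175,14 +3189,6 @@ static int record_ust_snapshot(struct ltt_ust_session *usess,
 assert(output);
 assert(session);
- /* Get the datetime for the snapshot output directory. */
- ret = utils_get_current_time_str("%Y%m%d-%H%M%S", output->datetime,
- sizeof(output->datetime));
- if (!ret) {
- ret = LTTNG_ERR_INVALID;
- goto error;
- }
-
 /*
 * Copy UST session sockets so we can communicate with the right
 * consumer for the snapshot record command.
@@ -3204,9 +3210,6 @@ static int record_ust_snapshot(struct ltt_ust_session *usess,
 case EINVAL:
 ret = LTTNG_ERR_INVALID;
 break;
- case ENODATA:
- ret = LTTNG_ERR_SNAPSHOT_NODATA;
- break;
 default:
 ret = LTTNG_ERR_SNAPSHOT_FAIL;
 break;
@@ -3324,12 +3327,21 @@ int cmd_snapshot_record(struct ltt_session *session,
 unsigned int use_tmp_output = 0;
 struct snapshot_output tmp_output;
 unsigned int snapshot_success = 0;
+ char datetime[16];
 assert(session);
 assert(output);
 DBG("Cmd snapshot record for session %s", session->name);
+ /* Get the datetime for the snapshot output directory. */
+ ret = utils_get_current_time_str("%Y%m%d-%H%M%S", datetime,
+ sizeof(datetime));
+ if (!ret) {
+ ret = LTTNG_ERR_INVALID;
+ goto error;
+ }
+
 /*
 * Permission denied to create an output if the session is not
 * set in no output mode.
@@ -3360,6 +3372,9 @@ int cmd_snapshot_record(struct ltt_session *session,
 }
 /* Use the global session count for the temporary snapshot. */
 tmp_output.nb_snapshot = session->snapshot.nb_snapshot;
+
+ /* Use the global datetime */
+ memcpy(tmp_output.datetime, datetime, sizeof(datetime));
 use_tmp_output = 1;
 }
@@ -3422,11 +3437,16 @@ int cmd_snapshot_record(struct ltt_session *session,
 /* Use temporary name. */
 if (*output->name != '\0') {
- strncpy(tmp_output.name, output->name,
- sizeof(tmp_output.name));
+ if (lttng_strncpy(tmp_output.name, output->name,
+ sizeof(tmp_output.name))) {
+ ret = LTTNG_ERR_INVALID;
+ rcu_read_unlock();
+ goto error;
+ }
 }
 tmp_output.nb_snapshot = session->snapshot.nb_snapshot;
+ memcpy(tmp_output.datetime, datetime, sizeof(datetime));
 if (session->kernel_session) {
 ret = record_kernel_snapshot(session->kernel_session,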
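Review bot: Both `memcpy(tmp_output.datetime, datetime, sizeof(datetime))` calls added in cmd_snapshot_record take their length from the source array, so they stay in bounds only while `tmp_output.datetime` is at least 16 bytes, and nothing in the visible hunks enforces that. Declaring the local as `char datetime[sizeof(tmp_output.datetime)];` instead of `char datetime[16];` would tie the two sizes together and drop the magic number; `tmp_output` is already declared two lines above it. The definition of struct snapshot_output is outside this diff, so the sizes may well match today, but a later change to either one would silently turn the copy into an overflow or an over-read. If the hard-coded size is kept, a short comment such as `/* "%Y%m%d-%H%M%S": 15 characters plus NUL */` would explain the 16. The body of cmd_snapshot_record starts and ends outside the hunks shown.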