Fix: illegal memory access in disable_event

[lttng-tools.git] / src / bin / lttng-sessiond / agent.c

diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c
index c50bbcabaee61d63639eb963b2f1ffa3fa8c5037..9935e06121005baa69d444559ce87b09899ce2de 100644 (file)
--- a/src/bin/lttng-sessiond/agent.c
+++ b/src/bin/lttng-sessiond/agent.c
@@ -124,7 +124,7 @@ static void destroy_event_agent_rcu(struct rcu_head *head)
        struct agent_event *event =
                caa_container_of(node, struct agent_event, node);
 
-       free(event);
+       agent_destroy_event(event);
 }
 
 /*
@@ -392,14 +392,17 @@ static int disable_event(struct agent_app *app, struct agent_event *event)
                        app->pid, app->sock->fd);
 
        data_size = sizeof(msg);
+       memset(&msg, 0, sizeof(msg));
+       if (lttng_strncpy(msg.name, event->name, sizeof(msg.name))) {
+               ret = LTTNG_ERR_INVALID;
+               goto error;
+       }
 
        ret = send_header(app->sock, data_size, AGENT_CMD_DISABLE, 0);
        if (ret < 0) {
                goto error_io;
        }
 
-       memset(&msg, 0, sizeof(msg));
-       strncpy(msg.name, event->name, sizeof(msg.name));
        ret = send_payload(app->sock, &msg, sizeof(msg));
        if (ret < 0) {
                goto error_io;
@@ -443,7 +446,7 @@ int agent_send_registration_done(struct agent_app *app)
 
        DBG("Agent sending registration done to app socket %d", app->sock->fd);
 
-       return send_header(app->sock, 0, AGENT_CMD_REG_DONE, 0);
+       return send_header(app->sock, 0, AGENT_CMD_REG_DONE, 1);
 }
 
 /*
@@ -493,11 +496,14 @@ error:
 int agent_disable_event(struct agent_event *event,
                enum lttng_domain_type domain)
 {
-       int ret;
+       int ret = LTTNG_OK;
        struct agent_app *app;
        struct lttng_ht_iter iter;
 
        assert(event);
+       if (!event->enabled) {
+               goto end;
+       }
 
        rcu_read_lock();
 
@@ -515,10 +521,10 @@ int agent_disable_event(struct agent_event *event,
        }
 
        event->enabled = 0;
-       ret = LTTNG_OK;
 
 error:
        rcu_read_unlock();
+end:
        return ret;
 }
 
@@ -911,12 +917,12 @@ void agent_destroy_event(struct agent_event *event)
        assert(event);
 
        free(event->filter);
+       free(event->filter_expression);
        free(event);
 }
 
 /*
- * Destroy an agent completely. Note that the given pointer is NOT freed
- * thus a reference to static or stack data can be passed to this function.
+ * Destroy an agent completely.
  */
 void agent_destroy(struct agent *agt)
 {
@@ -955,6 +961,7 @@ void agent_destroy(struct agent *agt)
        rcu_read_unlock();
 
        ht_cleanup_push(agt->events);
+       free(agt);
 }
 
 /*
@@ -1006,6 +1013,9 @@ void agent_app_ht_clean(void)
        struct lttng_ht_node_ulong *node;
        struct lttng_ht_iter iter;
 
+       if (!agent_apps_ht_by_sock) {
+               return;
+       }
        rcu_read_lock();
        cds_lfht_for_each_entry(agent_apps_ht_by_sock->ht, &iter.iter, node, node) {
                struct agent_app *app;