Fix: relayd comm: improperly packed rotate streams command header

[lttng-tools.git] / src / bin / lttng-relayd / main.c
diff --git a/src/bin/lttng-relayd/main.c b/src/bin/lttng-relayd/main.c

index cbd9e9cc70bc8733e7f82dc59d21b29651524ae2..f1c201a9fab71fcba58ce51f18799c17308c871b 100644 (file)
--- a/src/bin/lttng-relayd/main.c
+++ b/src/bin/lttng-relayd/main.c
@@ -230,7 +230,7 @@ static int set_option(int opt, const char *arg, const char *optname)
  
                         errno = 0;
                         v = strtoul(arg, NULL, 0);
-                       if (errno != 0 || !isdigit(arg[0])) {
+                       if (errno != 0 || !isdigit((unsigned char) arg[0])) {
                                 ERR("Wrong value in --fd-pool-size parameter: %s", arg);
                                 ret = -1;
                                 goto end;
@@ -507,7 +507,7 @@ static int set_fd_pool_size(void)
                 goto end;
         }
  
-       DBG("File descriptor pool size argument (%u) adjusted to %u to accomodate transient fd uses",
+       DBG("File descriptor pool size argument (%u) adjusted to %u to accommodates transient fd uses",
                         lttng_opt_fd_pool_size,
                         lttng_opt_fd_pool_size - DEFAULT_RELAYD_FD_POOL_SIZE_RESERVE);
         lttng_opt_fd_pool_size -= DEFAULT_RELAYD_FD_POOL_SIZE_RESERVE;
@@ -520,7 +520,7 @@ static int set_options(int argc, char **argv)
         int c, ret = 0, option_index = 0, retval = 0;
         int orig_optopt = optopt, orig_optind = optind;
         char *default_address, *optstring;
-       const char *config_path = NULL;
+       char *config_path = NULL;
  
         optstring = utils_generate_optstring(long_options,
                         sizeof(long_options) / sizeof(struct option));
@@ -544,6 +544,7 @@ static int set_options(int argc, char **argv)
                         WARN("Getting '%s' argument from setuid/setgid binary refused for security reasons.",
                                 "-f, --config");
                 } else {
+                       free(config_path);
                         config_path = utils_expand_path(optarg);
                         if (!config_path) {
                                 ERR("Failed to resolve path: %s", optarg);
@@ -656,6 +657,7 @@ static int set_options(int argc, char **argv)
         }
  
  exit:
+       free(config_path);
         free(optstring);
         return retval;
  }
@@ -917,7 +919,7 @@ static int create_named_thread_poll_set(struct lttng_poll_event *events,
         }
  
         ret = fd_tracker_util_poll_create(the_fd_tracker,
-                       name, events, 1, LTTNG_CLOEXEC);
+                       name, events, 1, LTTNG_CLOEXEC);
         if (ret) {
                 PERROR("Failed to create \"%s\" poll file descriptor", name);
                 goto error;
@@ -978,7 +980,7 @@ static int accept_sock(void *data, int *out_fd)
         struct lttcomm_sock **socks = data;
         struct lttcomm_sock *in_sock = socks[0];
  
-        socks[1] = in_sock->ops->accept(in_sock);
+       socks[1] = in_sock->ops->accept(in_sock);
         if (!socks[1]) {
                 ret = -1;
                 goto end;
@@ -1022,7 +1024,11 @@ static struct lttcomm_sock *relay_socket_create(struct lttng_uri *uri,
         ret = fd_tracker_open_unsuspendable_fd(the_fd_tracker, &sock_fd,
                         (const char **) (formated_name ? &formated_name : NULL),
                         1, create_sock, sock);
-       free(formated_name);
+       if (ret) {
+               PERROR("Failed to open \"%s\" relay socket",
+                               formated_name ?: "Unknown");
+               goto error;
+       }
         DBG("Listening on %s socket %d", name, sock->fd);
  
         ret = sock->ops->bind(sock);
@@ -1037,12 +1043,14 @@ static struct lttcomm_sock *relay_socket_create(struct lttng_uri *uri,
  
         }
  
+       free(formated_name);
         return sock;
  
  error:
         if (sock) {
                 lttcomm_destroy_sock(sock);
         }
+       free(formated_name);
         return NULL;
  }
  
@@ -1054,7 +1062,7 @@ struct lttcomm_sock *accept_relayd_sock(struct lttcomm_sock *listening_sock,
         struct lttcomm_sock *socks[2] = { listening_sock, NULL };
         struct lttcomm_sock *new_sock = NULL;
  
-        ret = fd_tracker_open_unsuspendable_fd(
+       ret = fd_tracker_open_unsuspendable_fd(
                         the_fd_tracker, &out_fd,
                         (const char **) &name,
                         1, accept_sock, &socks);
@@ -1626,7 +1634,8 @@ static int relay_add_stream(const struct lttcomm_relayd_hdr *recv_hdr,
                         group_by_session_path_name =
                                         backward_compat_group_by_session(
                                                         path_name,
-                                                       session->session_name);
+                                                       session->session_name,
+                                                       session->creation_time.value);
                         if (!group_by_session_path_name) {
                                 ERR("Failed to apply group by session to stream of session %" PRIu64,
                                                 session->id);
@@ -1954,7 +1963,7 @@ static int relay_recv_metadata(const struct lttcomm_relayd_hdr *recv_hdr,
  
         packet_view = lttng_buffer_view_from_view(payload,
                         sizeof(metadata_payload_header), metadata_payload_size);
-       if (!packet_view.data) {
+       if (!lttng_buffer_view_is_valid(&packet_view)) {
                 ERR("Invalid metadata packet length announced by header");
                 ret = -1;
                 goto end_put;
@@ -2496,6 +2505,125 @@ end_no_session:
         return ret;
  }
  
+static ssize_t relay_unpack_rotate_streams_header(
+               const struct lttng_buffer_view *payload,
+               struct lttcomm_relayd_rotate_streams *_rotate_streams)
+{
+       struct lttcomm_relayd_rotate_streams rotate_streams;
+       /*
+        * Set to the smallest version (packed) of `lttcomm_relayd_rotate_streams`.
+        * This is the smallest version of this structure, but it can be larger;
+        * this variable is updated once the proper size of the structure is known.
+        *
+        * See comment at the declaration of this structure for more information.
+        */
+       ssize_t header_len = sizeof(struct lttcomm_relayd_rotate_streams_packed);
+       size_t expected_payload_size_no_padding,
+               expected_payload_size_3_bytes_padding,
+               expected_payload_size_7_bytes_padding;
+
+       if (payload->size < header_len) {
+               ERR("Unexpected payload size in \"relay_rotate_session_stream\": expected >= %zu bytes, got %zu bytes",
+                               header_len, payload->size);
+               goto error;
+       }
+
+       /*
+        * Some versions incorrectly omitted the LTTNG_PACKED annotation on the
+        * `new_chunk_id` optional field of struct lttcomm_relayd_rotate_streams.
+        *
+        * We start by "unpacking" `stream_count` to figure out the padding length
+        * emited by our peer.
+        */
+       memcpy(&rotate_streams.stream_count, payload->data,
+                       sizeof(rotate_streams.stream_count));
+       rotate_streams = (typeof(rotate_streams)) {
+               .stream_count = be32toh(rotate_streams.stream_count),
+       };
+
+       /*
+        * Payload size expected given the possible padding lengths in
+        * `struct lttcomm_relayd_rotate_streams`.
+        */
+       expected_payload_size_no_padding = (rotate_streams.stream_count *
+               sizeof(*rotate_streams.rotation_positions)) +
+               sizeof(struct lttcomm_relayd_rotate_streams_packed);
+       expected_payload_size_3_bytes_padding = (rotate_streams.stream_count *
+               sizeof(*rotate_streams.rotation_positions)) +
+               sizeof(struct lttcomm_relayd_rotate_streams_3_bytes_padding);
+       expected_payload_size_7_bytes_padding = (rotate_streams.stream_count *
+               sizeof(*rotate_streams.rotation_positions)) +
+               sizeof(struct lttcomm_relayd_rotate_streams_7_bytes_padding);
+
+       if (payload->size == expected_payload_size_no_padding) {
+               struct lttcomm_relayd_rotate_streams_packed packed_rotate_streams;
+
+               /*
+                * This handles cases where someone might build with
+                * -fpack-struct or any other toolchain that wouldn't produce
+                * padding to align `value`.
+                */
+               DBG("Received `struct lttcomm_relayd_rotate_streams` with no padding");
+
+               header_len = sizeof(packed_rotate_streams);
+               memcpy(&packed_rotate_streams, payload->data, header_len);
+
+               /* Unpack the packed structure to the natively-packed version. */
+               *_rotate_streams = (typeof(*_rotate_streams)) {
+                       .stream_count = be32toh(packed_rotate_streams.stream_count),
+                       .new_chunk_id = (typeof(_rotate_streams->new_chunk_id)) {
+                               .is_set = !!packed_rotate_streams.new_chunk_id.is_set,
+                               .value = be64toh(packed_rotate_streams.new_chunk_id.value),
+                       }
+               };
+       } else if (payload->size == expected_payload_size_3_bytes_padding) {
+               struct lttcomm_relayd_rotate_streams_3_bytes_padding padded_rotate_streams;
+
+               DBG("Received `struct lttcomm_relayd_rotate_streams` with 3 bytes of padding (4-byte aligned peer)");
+
+               header_len = sizeof(padded_rotate_streams);
+               memcpy(&padded_rotate_streams, payload->data, header_len);
+
+               /* Unpack the 3-byte padded structure to the natively-packed version. */
+               *_rotate_streams = (typeof(*_rotate_streams)) {
+                       .stream_count = be32toh(padded_rotate_streams.stream_count),
+                       .new_chunk_id = (typeof(_rotate_streams->new_chunk_id)) {
+                               .is_set = !!padded_rotate_streams.new_chunk_id.is_set,
+                               .value = be64toh(padded_rotate_streams.new_chunk_id.value),
+                       }
+               };
+       } else if (payload->size == expected_payload_size_7_bytes_padding) {
+               struct lttcomm_relayd_rotate_streams_7_bytes_padding padded_rotate_streams;
+
+               DBG("Received `struct lttcomm_relayd_rotate_streams` with 7 bytes of padding (8-byte aligned peer)");
+
+               header_len = sizeof(padded_rotate_streams);
+               memcpy(&padded_rotate_streams, payload->data, header_len);
+
+               /* Unpack the 7-byte padded structure to the natively-packed version. */
+               *_rotate_streams = (typeof(*_rotate_streams)) {
+                       .stream_count = be32toh(padded_rotate_streams.stream_count),
+                       .new_chunk_id = (typeof(_rotate_streams->new_chunk_id)) {
+                               .is_set = !!padded_rotate_streams.new_chunk_id.is_set,
+                               .value = be64toh(padded_rotate_streams.new_chunk_id.value),
+                       }
+               };
+
+               header_len = sizeof(padded_rotate_streams);
+       } else {
+               ERR("Unexpected payload size in \"relay_rotate_session_stream\": expected %zu, %zu or %zu bytes, got %zu bytes",
+                               expected_payload_size_no_padding,
+                               expected_payload_size_3_bytes_padding,
+                               expected_payload_size_7_bytes_padding,
+                               payload->size);
+               goto error;
+       }
+
+       return header_len;
+error:
+       return -1;
+}
+
  /*
   * relay_rotate_session_stream: rotate a stream to a new tracefile for the
   * session rotation feature (not the tracefile rotation feature).
@@ -2513,11 +2641,11 @@ static int relay_rotate_session_streams(
         struct lttcomm_relayd_rotate_streams rotate_streams;
         struct lttcomm_relayd_generic_reply reply = {};
         struct relay_stream *stream = NULL;
-       const size_t header_len = sizeof(struct lttcomm_relayd_rotate_streams);
         struct lttng_trace_chunk *next_trace_chunk = NULL;
         struct lttng_buffer_view stream_positions;
         char chunk_id_buf[MAX_INT_DEC_LEN(uint64_t)];
         const char *chunk_id_str = "none";
+       ssize_t header_len;
  
         if (!session || !conn->version_check_done) {
                 ERR("Trying to rotate a stream before version check");
@@ -2531,24 +2659,12 @@ static int relay_rotate_session_streams(
                 goto end_no_reply;
         }
  
-       if (payload->size < header_len) {
-               ERR("Unexpected payload size in \"relay_rotate_session_stream\": expected >= %zu bytes, got %zu bytes",
-                               header_len, payload->size);
+       header_len = relay_unpack_rotate_streams_header(payload, &rotate_streams);
+       if (header_len < 0) {
                 ret = -1;
                 goto end_no_reply;
         }
  
-       memcpy(&rotate_streams, payload->data, header_len);
-
-       /* Convert header to host endianness. */
-       rotate_streams = (typeof(rotate_streams)) {
-               .stream_count = be32toh(rotate_streams.stream_count),
-               .new_chunk_id = (typeof(rotate_streams.new_chunk_id)) {
-                       .is_set = !!rotate_streams.new_chunk_id.is_set,
-                       .value = be64toh(rotate_streams.new_chunk_id.value),
-               }
-       };
-
         if (rotate_streams.new_chunk_id.is_set) {
                 /*
                  * Retrieve the trace chunk the stream must transition to. As
@@ -2586,7 +2702,7 @@ static int relay_rotate_session_streams(
                         chunk_id_str);
  
         stream_positions = lttng_buffer_view_from_view(payload,
-                       sizeof(rotate_streams), -1);
+                       header_len, -1);
         if (!stream_positions.data ||
                         stream_positions.size <
                                         (rotate_streams.stream_count *
@@ -2645,8 +2761,6 @@ end_no_reply:
         return ret;
  }
  
-
-
  /*
   * relay_create_trace_chunk: create a new trace chunk
   */
@@ -2660,7 +2774,6 @@ static int relay_create_trace_chunk(const struct lttcomm_relayd_hdr *recv_hdr,
         struct lttcomm_relayd_create_trace_chunk *msg;
         struct lttcomm_relayd_generic_reply reply = {};
         struct lttng_buffer_view header_view;
-       struct lttng_buffer_view chunk_name_view;
         struct lttng_trace_chunk *chunk = NULL, *published_chunk = NULL;
         enum lttng_error_code reply_code = LTTNG_OK;
         enum lttng_trace_chunk_status chunk_status;
@@ -2679,7 +2792,7 @@ static int relay_create_trace_chunk(const struct lttcomm_relayd_hdr *recv_hdr,
         }
  
         header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
-       if (!header_view.data) {
+       if (!lttng_buffer_view_is_valid(&header_view)) {
                 ERR("Failed to receive payload of chunk creation command");
                 ret = -1;
                 goto end_no_reply;
@@ -2724,13 +2837,21 @@ static int relay_create_trace_chunk(const struct lttcomm_relayd_hdr *recv_hdr,
  
         if (msg->override_name_length) {
                 const char *name;
+               const struct lttng_buffer_view chunk_name_view =
+                               lttng_buffer_view_from_view(payload,
+                                               sizeof(*msg),
+                                               msg->override_name_length);
+
+               if (!lttng_buffer_view_is_valid(&chunk_name_view)) {
+                       ERR("Invalid payload of chunk creation command (protocol error): buffer too short for expected name length");
+                       ret = -1;
+                       reply_code = LTTNG_ERR_INVALID;
+                       goto end;
+               }
  
-               chunk_name_view = lttng_buffer_view_from_view(payload,
-                               sizeof(*msg),
-                               msg->override_name_length);
                 name = chunk_name_view.data;
-               if (!name || name[msg->override_name_length - 1]) {
-                       ERR("Failed to receive payload of chunk creation command");
+               if (name[msg->override_name_length - 1]) {
+                       ERR("Invalid payload of chunk creation command (protocol error): name is not null-terminated");
                         ret = -1;
                         reply_code = LTTNG_ERR_INVALID;
                         goto end;
@@ -2865,7 +2986,7 @@ static int relay_close_trace_chunk(const struct lttcomm_relayd_hdr *recv_hdr,
         }
  
         header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
-       if (!header_view.data) {
+       if (!lttng_buffer_view_is_valid(&header_view)) {
                 ERR("Failed to receive payload of chunk close command");
                 ret = -1;
                 goto end_no_reply;
@@ -3098,20 +3219,20 @@ static int relay_trace_chunk_exists(const struct lttcomm_relayd_hdr *recv_hdr,
         bool chunk_exists;
  
         if (!session || !conn->version_check_done) {
-               ERR("Trying to close a trace chunk before version check");
+               ERR("Trying to check for the existance of a trace chunk before version check");
                 ret = -1;
                 goto end_no_reply;
         }
  
         if (session->major == 2 && session->minor < 11) {
-               ERR("Chunk close command is unsupported before 2.11");
+               ERR("Chunk exists command is unsupported before 2.11");
                 ret = -1;
                 goto end_no_reply;
         }
  
         header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
-       if (!header_view.data) {
-               ERR("Failed to receive payload of chunk close command");
+       if (!lttng_buffer_view_is_valid(&header_view)) {
+               ERR("Failed to receive payload of chunk exists command");
                 ret = -1;
                 goto end_no_reply;
         }
@@ -3162,7 +3283,7 @@ static int relay_get_configuration(const struct lttcomm_relayd_hdr *recv_hdr,
         uint64_t result_flags = 0;
  
         header_view = lttng_buffer_view_from_view(payload, 0, sizeof(*msg));
-       if (!header_view.data) {
+       if (!lttng_buffer_view_is_valid(&header_view)) {
                 ERR("Failed to receive payload of chunk close command");
                 ret = -1;
                 goto end_no_reply;